(...I'm somewhat unclear on the process for grabbing namespace
i.e., beyond the general principle of Talk to People.
Since all of the various documents on this seem to be 10
years out of date, and apparently very few people are reading
comp.lang.modules.perl anymore, here goes...)
I suppose the main question for *this* group would be how
you'd all feel about my grabbing a name like
Net::OpenID::Dispatch or
Net::OpenID::DWIM
or whether there are better options out there
The module in question provides CGI/Apache::Request -style handlers
-- modulo the Small Matter that since Plack/PSGI has appeared on the
scene since I started writing this, I should probably just adapt it to that
world and call it a day, which would simplify things immensely --
that would:
(*) take a user-provided identifier (be it a username, email address,
literal openID, or ID provider domain name,...),
(*) launch into whatever ID-discovery or provider conversation is
necessary to authenticate via *one* of the OpenIDs or OpenID-like
mechanisms that user has *previously* registered for his/her account,
(*) invoke a local password-authentication if no providers are
actually registered with the account in question.
(*) redirect back to some predetermined place once *some*
corresponding ID is established.
The point is to be able to easily put up
(*) a sign-in form with ONE field in it, the user types something, and
we just Do The Right Thing to get them signed in, via whichever
provider(s) they've previously specified for their account is
available at the moment.
(*) a form for registering a new OpenID with one's account, to be used
by an already-signed-in user, which goes through the authentication
to ensure that said ID actually belong to him/her.
This is a slightly different take on OpenID in that it is NOT about
accepting arbitrary OpenID signins from random bozos, but rather about
giving an existing userbase the option of ditching their passwords
--- or being able to send out account-setup email to new people that
just launches them into registering their gmail address or other OpenID
so that they don't have to set a password at all in the first place
--- and thus be able to get out of the password business entirely.
It is mostly a front-end to Net::OpenID::Consumer, except it also
allows for having fake back-ends for "providers" like Facebook or
Microsoft that use their own protocol, so long as they somehow be
shoehorned into into the general
discover -> check-immediate -> check-direct ->verify
process that OpenID uses.
I was originally waffling between
Net::OpenID::Dispatch
Net::OpenID::DWIM
but even though it's OpenID-inspired and gets used with OpenID
providers *most* of the time, I'm not entirely certain it belongs
in the Net::OpenID hierarchy (perhaps it does,... never mind that
the modules page discourages this kind of use of the Net:: heirarchy
at all,... then again Net::OpenID::Server/Consumer was allowed,
and I'm getting the impression The Rules are more flexible these
days?)
And since the module is intended to be agnostic about CGI.pm
vs. Apache2/mod_perl (and as per above, I think I'm just going
to Plack-ify it) -- it clearly doesn't belong under
Apache[2]:: or CGI::
As for other hierarchies, my understanding is that
WWW::
is more for high-level applications,
HTTP::
is more for implementation of the HTTP protocol/extensions
Auth*::
would imply that this makes sense in a
non-browser/HTTP context, which it mostly doesn't
So, ... thoughts?
Is there something out there that already does this?