[Haskell-cafe] Re: Unified Haskell login

Michael Snoyman michael at snoyman.com
Sun Sep 19 09:40:33 EDT 2010

Thank you everyone for the feedback. Based on what people have been
saying, here's a more concrete proposal:

* Creates a website haskellers.com where people can create profiles.
* Logins to haskellers.com will be via OpenID. There will probably be
some kind of widget to make that simpler[1].
* Multiple OpenIDs can be tied into a single profile on Haskellers.
* A profile on Haskellers will have a unique number and corresponding
unique URL associated with it (http://www.haskellers.com/profile/1/,
for example).
* On Haskellers you will be able to associate your Hackage username
somehow. I'll probably need some cooperation from the Hackage side.
(Ideally, I would have wanted a system where we could do away with
having a separate Hackage username, but I doubt that will happen.)
* The profile's unique URL will actually be a RESTful API, providing
data as HTML, JSON, possible a Haskell-specific format, etc.
* There will also be a RESTful API for discovering the profiles
available on Haskellers.
* And here's the important bit: there will be an API to lookup a
profile by OpenID URL. This is what will allow the universal login:
any site can simply allow OpenID login and query any information it
wants from Haskellers.
* Another feature I'd like to explore is allowing some kind of OAuth
protocol for other websites to gain authorization to make
modifications to profiles on Haskellers.

The question of *what* information we want as part of a profile is
also very important, but is really a tangential discussion to the
universal login issue. The question I have is whether this kind of a
system will provide the support other sites/services would want?

Notably absent here is the use of services besides OpenID for
authentication. I personally would have thought allowing Twitter and
Facebook logins would be a win, but there seems to be lackluster
interest in this. Also, having some kind of "login via Hackage"
probably would be nice as well, but once again does not seem like
there is demand for it.


[1] http://code.google.com/p/openid-selector/

On Fri, Sep 17, 2010 at 8:47 AM, Michael Snoyman <michael at snoyman.com> wrote:
> Hi cafe,
> Let me preface this by stating that this is purposely a half-baked
> idea, a straw man if you will. I'd like to hear what the community
> thinks about this.
> I mentioned yesterday that I was planning on building haskellers.com.
> The first technicality I considered was how login should work. There
> are a few basic ideas:
> * Username/password on the site. But who wants to deal with *another* password?
> * OpenID. Fixes the extra password problem, but doesn't give us any
> extra information about the user (email address, etc).
> * Facebook/Twitter/Google: We get the users email address, but do we
> *really* want to force users to have one of those accounts?
> I then started thinking about the Yesod documentation site[1], and
> realized in the not-too-distant future I'm going to want to provide a
> feature tracker. Once again, I'll need to face the exact same problem.
> And then I realized something: I already have *two* Haskell-centric
> logins: one for Hackage, and one for the Haskell wiki.
> Consolidating our logins as a community could be a huge plus. If we
> keep the same kind of system as we have now with Hackage and the wiki,
> we can verify each new user to keep things "clean". Or even better: we
> could have a built-in permissions system: permissions for uploading to
> Hackage, modifying the wiki, feature requests, etc. Users get
> simplification of only needing to apply for an account once and only
> need to remember one password. (In fact, if we wanted to, we could
> bypass the password some of the time by allowing OpenID
> authentication.)
> But perhaps the biggest advantage would be the community building
> advantage. Imagine if you go to Hackage and the upload by field is a
> link to someone's Haskellers profile. Imagine going to Haskellers and
> seeing a list of all the users uploaded packages and wiki
> contributions. We could even start with some clever things like badges
> per user. I'm sure there are lots of possibilities out there I haven't
> considered.
> Obviously there are some technical hurdles to overcome. We would
> probably need to do some significant work on the wiki to get this to
> happen. But given that we seem to have had trouble with mediawiki in
> the past (I remember hearing about some migration issues), maybe it's
> time to eat our own dog food and switch to a Haskell-based wiki[2]
> that could be more easily modified to suit our needs. We would also
> need some kind of protocol for the cross-site authentication; OAuth
> 2.0 might be worth considering for this.
> All of this may just be the ramblings of a mad-man (I haven't had
> breakfast yet), but I do think that *some* form of unified login could
> really push Haskell forward.
> Michael
> [1] http://docs.yesodweb.com/
> [2] http://hackage.haskell.org/package/gitit

More information about the Haskell-Cafe mailing list