Re: Branding of GNOME-hosted Tomboy Online

[Dave Neary <dneary gnome org>]

Hi,

Paul Cutler wrote:
> Well, damn - I don't want to start the whole Roadmap discussion again
> that we recently saw on the Foundation list, but this tickles my brain.
> With Google SoC coming up, is there any way we can brainstorm in time to
> think about what apps might be interesting to extend GNOME Online
> Services?  These are really two interesting ideas.  (And I don't have
> enough information about what the Abiword team is up to).

There are two different things here, which are (I think) nicely
separable - although from a security standpoint, we're definitely going
to hit a steep learning curve :}

1. The same user synchronises resources online from different machines
 - Tomboy notes
 - Bookmarks
 - GTG checklists
 - Hamster activities
 - Calendar
 - Application settings, maybe?
 - Documents? Email? Photos?

2. Different users collaborate on the same application online
 - Multi-player networked games
 - Document editing with abiword
 - Drawing with Inkscape
 - Music
etc.

Ideally, 2 would have elements of a social network with things done
using XMPP or similar for messaging & messages & chat & co-operation,
while 1 "just" needs a good security model, a well-defined sync engine &
client & protocol, and lots of available disk space server-side (with
big potential for paid services - I'd pay GNOME €20 a month to sync all
that stuff across multiple machines & do off-site back-up).

>> If we have multiple services, and you have to sign up,
>> we certainly don't want people to have to sign up to
>> each of them separately.  So I'd like us to keep in
>> mind how this whole system can be extended.
> 
> I have no idea what a single sign-on service in the future looks like
> nor am I the right person to scope it, but this is something we should
> keep in the back of our heads.  How does Snowy / Tomboy Online handle
> user logins?  (Probably best to discuss on the Snowy list, but anyway)

FYI, MeeGo are working out their SSO architecture as we speak - a
conversation worth eavesdropping on?

SSo architectures are all essentially identical:

- The application receives an access request
- An authentication agent is called by the app, and checks whether the
user is already authenticated
- If not, the authentication agent validates identity againts an
authentication store containing identity data + username & password

At each stage, there are lots of ways to go - OpenID is the most popular
authenticating agent right now, but Facebook is also being used (and I
don't *think* it's OpenID, but I could be wrong) - for OpenID, you have
to connect your OpenID provider URI to the service (so the first time
you connect to Tomboy Notes, you say "Authenticate me with GNOME's
OpenID provider" or with Maemo or Google or Flickr or whatever. Everyone
probably has at least one OpenID account already (see
http://openid.net/get-an-openid/).

The OpenID provider then handles the back-end store so you don't have
to, and authenticates if necessary. If you already have a cookie for a
Google account, for example, no authentification. If not, then you enter
your email address & password as normal for Google, and you're
authenticated for your online service.

If we're implementing an OpenID provider, then you're probably going to
be using some kind of centralised account creation website with an LDAP
back-end and a centralised GNOME-branded identity preferences page.


>> On the other hand, we absolutely should not block doing
>> something useful right now for a grand vision.  We can
>> grow this in pieces, if we're smart about it.
> 
> Agreed - we shouldn't block on this right now.  I personally want to see
> Tomboy Online as part of the GNOME 3.0 launch plans and now is go time.

So I'd suggest authenticating with OpenID and being provider agnostic,
which gives us the potential to recommend a particular service later.

Cheers,
Dave.

-- 
Dave Neary
GNOME Foundation member
dneary gnome org