Roadmap
-
This version works up until the point release of Joomla where they changed all the password storage algorithms...
doh.
-
Features
- uses phpInfocard for all xml operations
- allows specification of 'trusted' managed card providers
- no longer takes over the login page
- new, more secure database structure (stores a hash of issuer key and PPID, not each piece)
- abstract classes created to make new plugin development easier.
Caveats
- is only tested with single-card provisioning
- relies on the expectation that the email address is a unique identifier for an account (this can break co-existence with openID accounts, as the OpenID plugin allows two different accounts with the same email address to be registered, even though Wordpress username/password registration blocks this)
-
Common Code version: 1.0
Features
- uses built-in WP login page
- allows simultaneous use of username/password (unpw) and infocards
- one-step activation (no more code editing)
- allows specification of 'trusted' managed card providers
- web Gui allows settings like time validation and debug mode to be managed
- Supports C14N IDPs
Caveats
- Users can only associate one card at a time
- Can co-exist with OpenID, but users who register multiple openID accounts with the same email address will break information cards with the same email address ( a possible DOS attack, plus just plain inconvenient)
-
Adding:
1) Friendly Card Identifiers 2) Support for new version of phpInfoCard
-
Summary
PW Common Code v1.5:
- authentications flows allow multiple cards per account
- uses abstract classes
- does not assume that email address is a unique identifier for an account
- processing of posted XML token can be called either as a function or by using the infocard-post.php file as the post action
Features
Caveats
Note: See TracRoadmap for help on using the roadmap.
