NetworkAccountProfilesLaunchpad
Please check the status of this specification in Launchpad before editing it. If it is Approved, contact the Assignee or another knowledgeable person before making changes.
Launchpad Entry: network-account-profiles-launchpad
Packages affected:
Summary
Launchpad authentication is an important network profile to support. Because we control both ends of this authentication mechanism, we can make it more secure and robust than other network account profiles, and we should do so.
Release Note
Ubuntu users can log into Launchpad services, including those provided by Canonical, using network account profiles.
Rationale
- The importance of network services has increased over the last few years. Call it Web 2.0 or any other buzzword that you'd like, but users now expect these services. It's important that we start building ways for these services to get into desktop applications.
- Canonical is planning to be a provider of network services to Ubuntu users that enhance the Ubuntu experience. Many services that require connecting between multiple computers and devices require an intermediary network server, but it must be easy to use. This framework will lay the basis for providing such services on Ubuntu.
Use Cases
- Users should be able to use Launchpad-authenticated services with NAP-enabled applications
Design
Requirements
- It should be possible to revoke authentication from Launchpad itself
- No user login or password should be stored on the local machine in any form
Architecture
Implementation
One of the profiles that we are planning to support is the "Ubuntu.net" profile which will use the Launchpad authentication infrastructure for account authentication. Because we are able to control both the backend and frontend of this implementation, the overall solution can be more robust than other interfaces allow.
The main advantage of the Ubuntu.net solution is that the desktop token is not the username/password but a token generated by the Launchpad authentication architecture. Applications on the desktop can then use this token to authenticate with the various Ubuntu.net services, so there is no reason to store the username and password on the desktop. These tokens may also be expired by the Launchpad Authentication Architecture, so the case of an expired token will have to be handled explicitly.
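The token lifecycle described above, sketched as an added example; it is not Launchpad or NAP code. `TokenService`, `DesktopSession`, the `reauthorize` callback and the choice to keep only a SHA-256 digest of each token on the server are all assumptions made for illustration.

```python
import hashlib
import secrets
import time

class TokenService:
    """Constructed stand-in for the server: issues, expires and revokes tokens."""
    def __init__(self, lifetime=3600):
        self.lifetime = lifetime
        self._tokens = {}  # sha256(token) -> (user, expiry); raw tokens are not kept

    def issue(self, user, now=None):
        # Runs only after the user has authenticated with the service itself,
        # so the desktop receives a token and never the login or password.
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._tokens[digest] = (user, now + self.lifetime)
        return token

    def revoke_all(self, user):
        # Server-side revocation: drop every token issued to this user.
        self._tokens = {d: v for d, v in self._tokens.items() if v[0] != user}

    def validate(self, token, now=None):
        now = time.time() if now is None else now
        digest = hashlib.sha256(token.encode()).hexdigest()
        user, expires = self._tokens.get(digest, (None, 0))
        if user is None or now >= expires:
            self._tokens.pop(digest, None)
            return None  # unknown, revoked or expired
        return user


class DesktopSession:
    """Desktop side: holds only the opaque token (hypothetical client)."""
    def __init__(self, service, reauthorize):
        self.service, self.reauthorize, self.token = service, reauthorize, None

    def call(self, now=None):
        # Explicit handling of a rejected token: discard it, obtain a fresh
        # one through the reauthorize callback, and retry exactly once.
        for _ in range(2):
            if self.token is None:
                self.token = self.reauthorize()
            user = self.service.validate(self.token, now)
            if user is not None:
                return user
            self.token = None
        raise PermissionError("token rejected after re-authorization")
```

The client cannot tell an expired token from a revoked one; both paths end in the same re-authorization step, which is where the user would be asked to approve the desktop again.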
Migration
No previous data.
Test/Demo Plan