[Tickets #811] RESOLVED: new horde application

bugs@bugs.horde.org bugs at bugs.horde.org
Sun May 22 08:55:32 PDT 2005 

DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/?id=811
-----------------------------------------------------------------------
 Ticket             | 811
 Updated By         | Chuck Hagenbuch <chuck at horde.org>
 Summary            | new horde application
 Queue              | Horde Base
 Version            | HEAD
 State              | Rejected
 Priority           | 1. Low
 Type               | Enhancement
 Owners             | Horde Developers
-----------------------------------------------------------------------


Chuck Hagenbuch <chuck at horde.org> (2005-05-22 08:55) wrote:

Thoughts from Kevin Myer:

Has the idea of developing a Horde "wallet" ever been kicked around?  The
idea
would be to allow a user (and/or an admin) to manage credentials for the
many
different services they can access online.

It would be the equivalent to an online version of Apple's KeyChain, and
would
solve a problem of not requiring that all your passwords need to be the
same.
I have a small Horde install at home, running local copies of most of the
services my ISP provides.  I could just interface with their mail server
directly but its POP3 only.  So I need to make sure all my accounts match
up
from my server at home, with my ISP accounts, which is a pain.  And do the
same
for my wife.  And for my daughter (although she's only in the past week
learned
enough to crawl over and bang on the laptop keys ;)  And accounts for our
online photo service, etc.

Design would be such that the data would be stored in an encrypted format,
with
a user supplied key (either their horde_pass, or a separate token).  If
they
supply the right key, they can decrypt their additional credentials and
apps
can use them.  If you do this right, you don't have to fool around with all
the
exceptions that are coded into each module.  Sometimes you need to use a
hook,
sometimes Auth::getAuth(), sometimes Auth::getBareAuth(), etc.  Instead,
you
write your code to a) use the contents of the wallet if they are available,
or
b) use existing credentials.

Another useful application would be that an admin could setup a default set
of
credentials for services that the organization subscribes to.  I wrote a
portal
block to authenticate to an online training service we subscribe to - one
master userid and password to login there, but I don't want the users to
know
what that is.  If they authenticate to horde, they can launch the training
modules from the portal.  It would be much slicker if each of them had the
credentials in their wallet, (unalterable and viewable by them of course),
because then I could also extend the idea of using Horde Permissions to
selectively provide certain sets of credentials to some users.

The idea of a wallet is sort of already done in the Fetchmail portion of IMP
-
you supply information about other accounts you have and you can access mail
on
other systems.

I propose a name of illeg ;)

More information about the bugs mailing list