[dev] Horde "wallet" idea

Kevin Myer kevin_myer at iu13.org
Sat May 21 11:50:02 PDT 2005


Has the idea of developing a Horde "wallet" ever been kicked around?  The idea
would be to allow a user (and/or an admin) to manage credentials for the many
different services they can access online.

It would be the equivalent to an online version of Apple's Keychain, and would
solve a problem of not requiring that all your passwords need to be the same. 
I have a small Horde install at home, running local copies of most of the
services my ISP provides.  I could just interface with their mail server
directly but it's POP3 only.  So I need to make sure all my accounts match up
from my server at home, with my ISP accounts, which is a pain.  And do the same
for my wife.  And for my daughter (although she's only in the past week learned
enough to crawl over and bang on the laptop keys ;)  And accounts for our
online photo service, etc.

Design would be such that the data would be stored in an encrypted format, with
a user supplied key (either their horde_pass, or a separate token).  If they
supply the right key, they can decrypt their additional credentials and apps
can use them.  If you do this right, you don't have to fool around with all the
exceptions that are coded into each module.  Sometimes you need to use a hook,
sometimes Auth::getAuth(), sometimes Auth::getBareAuth(), etc.  Instead, you
write your code to a) use the contents of the wallet if they are available, or
b) use existing credentials.

Another useful application would be that an admin could set up a default set of
credentials for services that the organization subscribes to.  I wrote a portal
block to authenticate to an online training service we subscribe to - one
master userid and password to login there, but I don't want the users to know
what that is.  If they authenticate to horde, they can launch the training
modules from the portal.  It would be much slicker if each of them had the
credentials in their wallet, (unalterable and viewable by them of course),
because then I could also extend the idea of using Horde Permissions to
selectively provide certain sets of credentials to some users.

The idea of a wallet is sort of already done in the Fetchmail portion of IMP -
you supply information about other accounts you have and you can access mail on
other systems.

I propose a name of illeg ;)

Kevin

-- 
Kevin M. Myer
Senior Systems Administrator
Lancaster-Lebanon Intermediate Unit 13  http://www.iu13.org
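
The design paragraph in the message above (credentials stored encrypted under a user-supplied key, with applications using the wallet when it opens and existing credentials otherwise), sketched in PHP as an added example; it is not from the original post or from Horde. The function names, the PBKDF2 work factor, the choice of AES-256-GCM and the sample values are all assumptions.

```php
<?php
// Added illustration: wallet_seal(), wallet_open() and wallet_credentials()
// are hypothetical names, not Horde API.
const WALLET_KDF_ITERATIONS = 600000; // assumed PBKDF2-SHA256 work factor

function wallet_key(string $passphrase, string $salt): string
{
    // Stretch the user-supplied key (Horde password or separate token) to 256 bits.
    return hash_pbkdf2('sha256', $passphrase, $salt, WALLET_KDF_ITERATIONS, 32, true);
}

function wallet_seal(array $credentials, string $passphrase): string
{
    $salt = random_bytes(16); // fresh per wallet, stored beside the ciphertext
    $iv   = random_bytes(12); // fresh per encryption, never reused with a key
    $tag  = '';
    $ct = openssl_encrypt(json_encode($credentials), 'aes-256-gcm',
        wallet_key($passphrase, $salt), OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('wallet encryption failed');
    }
    return base64_encode($salt . $iv . $tag . $ct); // what the backend stores
}

function wallet_open(string $blob, string $passphrase): ?array
{
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) < 44) {
        return null; // not a wallet blob
    }
    $key = wallet_key($passphrase, substr($raw, 0, 16));
    // A wrong key or a modified blob fails the GCM tag check and yields false.
    $pt = openssl_decrypt(substr($raw, 44), 'aes-256-gcm', $key,
        OPENSSL_RAW_DATA, substr($raw, 16, 12), substr($raw, 28, 16));
    return $pt === false ? null : json_decode($pt, true);
}

// a) use the wallet entry if the wallet opens and has one, b) else existing credentials.
function wallet_credentials(?string $blob, string $passphrase, string $service, array $existing): array
{
    $wallet = $blob === null ? null : wallet_open($blob, $passphrase);
    return $wallet[$service] ?? $existing;
}

// Constructed sample data.
$blob     = wallet_seal(['isp_pop3' => ['user' => 'alice', 'pass' => 'example-only']], 'login-passphrase');
$existing = ['user' => 'alice-local', 'pass' => 'local-example'];
var_dump(wallet_credentials($blob, 'login-passphrase', 'isp_pop3', $existing)['user']);
var_dump(wallet_credentials($blob, 'wrong-passphrase', 'isp_pop3', $existing)['user']);
```

If the wallet key is the Horde login password, a password change has to re-seal the blob under the new key, or the stored credentials become unreadable.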


