On 2/08/2013 3:35 PM, Rick Moen wrote:
Quoting Andrew McGlashan (andrew.mcglashan@affinityvision.com.au):
Ubuntu forums is back, you now need to use Ubuntu's SSO [single sign on] service..... let's hope that is safe ;)
Ubuntu SSO is merely an OpenID scheme.
Yes, not a fan of OpenID ... I much prefer to have a specific login to each and every service I use and not have any /generic/ use login, such as SSO when it is possible. With OpenID, you also need to have "referrer" header enabled, but 3rd party cookies can remain off. I normally have referrer headers turned off, along with other privacy measures.
I can't see that the switch to OpenID-based auth ('Ubuntu SSO') improves site security. Seems more likely that this is just an attempt to consolidate services with their proprietary-software-based online 'stores' (Canonical Store, Ubuntu One, Ubuntu One Music Store, and so on) and drive traffic to them.
What they have _not_ done is ditch an abysmal PHP developed application that was and is their fundamental problem. (I do sympathise. Having to do a forced migration would be very painful.)
Thanks Rick for your excellent analysis, I fully agree with you. Can you also post your email to MLUG? I can re-post it there if you want. This post is cross posting to both lists.... Kind Regards AndrewM