Ubuntu Wiki

This is a blueprint to discuss the way all desktop apps can ask for access to a launchpad account:

Front End GUI design

1. A user would be presented with a choice of identifying themselves via login or creating a new user account
2. Both of these things would throw open a web browser and request a special token which permits the application to act on behalf of launchpad when granting further tokens.
3. The user would authenticate in the browser and then permit access to the account (No option must be given about the kind of access, only an accept or deny and a warning about the great power being bestowed)
4. The user's account would then appear in the GUI and the app would allow you to see a list of credentials passed on, or delete this account (and all credentials passed on).
5. We also provide a button to add further accounts, but this isn't expected to be used very often, but it is a requested feature from community/corporate split programmers with two accounts.
6. When an application needs access to an account, it requests access and the user then gets a GUI to allow or deny access for the application. Possibly displaying a list of permission options.

Back End design

This system needs to have a fairly flexible backend and we should base it on dbus to make sure it's easy to use for any application no matter the language:

1. The user would have an account in launchpad logged in as described above.
2. An application makes a request over dbus to have access to a lp account.
3. It could also ask for a list of accounts set up.
4. The credential for the system is used to authenticate with launchpad
5. Then the system creates a new token with access rights just for that app.
6. The credential _data_ is passed back to the application.

Comments

Please make your thoughts known here.