Talk:Infrastructure Team/Central Login

CAS vs. OpenID
Both methods seems to be similar functionally. So, what method(s) need to be supported for SL resources?


 * Both methods need coding for some SL Web applications. alsroot 14:43, 20 September 2011 (EDT)
 * Some applications already support OpenID, but is it possible to use OpenID authentication and LDAP for users metadata and authorisation at the same time? alsroot 14:43, 20 September 2011 (EDT)
 * Supporting only OpenID (without password based authentication as a spare method) seems to be overkill, at least for non tech people. alsroot 14:43, 20 September 2011 (EDT)
 * However, most 'not tech' people already have an OpenID provider account, and such providers will continue to make that easier (and more secure), all being a cost-free benefit to us. --FGrose 16:04, 20 September 2011 (EDT)
 * Though, similarity between CAS and OpenID is not so obvious, CAS is exactly about "login only once", for OpenID, people need login on every resource. So, see the 1st option for solution. alsroot 18:18, 20 September 2011 (EDT)

Possible solutions:


 * Use CAS/LDAP for all SL applications. Useful for people who prefer login/passwords to get benefits from "login only once". Use OpenID, at least when it is implemented, to rely on particular application for associating OpenID accounts with ones got from CAS/LDAP. For OpenID case, the "login only once" won't work. alsroot 18:18, 20 September 2011 (EDT)