Difference between revisions of "Talk:Infrastructure Team/Central Login"

From Sugar Labs
Jump to navigation Jump to search
 
(One intermediate revision by one other user not shown)
Line 5: Line 5:
 
* Both methods need coding for some SL Web applications. [[User:Alsroot|alsroot]] 14:43, 20 September 2011 (EDT)
 
* Both methods need coding for some SL Web applications. [[User:Alsroot|alsroot]] 14:43, 20 September 2011 (EDT)
 
* Some applications already support OpenID, but is it possible to use OpenID authentication and LDAP for users metadata and authorisation at the same time? [[User:Alsroot|alsroot]] 14:43, 20 September 2011 (EDT)
 
* Some applications already support OpenID, but is it possible to use OpenID authentication and LDAP for users metadata and authorisation at the same time? [[User:Alsroot|alsroot]] 14:43, 20 September 2011 (EDT)
* Supporting only OpenID (without password based authentication as a spare method) seems to be overkill, at least for not tech people. [[User:Alsroot|alsroot]] 14:43, 20 September 2011 (EDT)
+
* Supporting only OpenID (without password based authentication as a spare method) seems to be overkill, at least for non tech people. [[User:Alsroot|alsroot]] 14:43, 20 September 2011 (EDT)
 +
*: However, most 'not tech' people already have an OpenID provider account, and such providers will continue to make that easier (and more secure), all being a cost-free benefit to us. --[[User:FGrose|FGrose]] 16:04, 20 September 2011 (EDT)
 +
* Though, similarity between CAS and OpenID is not so obvious, CAS is exactly about "login only once", for OpenID, people need login on every resource. So, see the 1st option for solution. [[User:Alsroot|alsroot]] 18:18, 20 September 2011 (EDT)
 +
 
 +
Possible solutions:
 +
 
 +
* Use CAS/LDAP for all SL applications. Useful for people who prefer login/passwords to get benefits from "login only once". Use OpenID, at least when it is implemented, to rely on particular application for associating OpenID accounts with ones got from CAS/LDAP. For OpenID case, the "login only once" won't work. [[User:Alsroot|alsroot]] 18:18, 20 September 2011 (EDT)

Latest revision as of 17:18, 20 September 2011

CAS vs. OpenID

Both methods seems to be similar functionally. So, what method(s) need to be supported for SL resources?

  • Both methods need coding for some SL Web applications. alsroot 14:43, 20 September 2011 (EDT)
  • Some applications already support OpenID, but is it possible to use OpenID authentication and LDAP for users metadata and authorisation at the same time? alsroot 14:43, 20 September 2011 (EDT)
  • Supporting only OpenID (without password based authentication as a spare method) seems to be overkill, at least for non tech people. alsroot 14:43, 20 September 2011 (EDT)
    However, most 'not tech' people already have an OpenID provider account, and such providers will continue to make that easier (and more secure), all being a cost-free benefit to us. --FGrose 16:04, 20 September 2011 (EDT)
  • Though, similarity between CAS and OpenID is not so obvious, CAS is exactly about "login only once", for OpenID, people need login on every resource. So, see the 1st option for solution. alsroot 18:18, 20 September 2011 (EDT)

Possible solutions:

  • Use CAS/LDAP for all SL applications. Useful for people who prefer login/passwords to get benefits from "login only once". Use OpenID, at least when it is implemented, to rely on particular application for associating OpenID accounts with ones got from CAS/LDAP. For OpenID case, the "login only once" won't work. alsroot 18:18, 20 September 2011 (EDT)