Difference between revisions of "Infrastructure Team/Central Login"

Revision as of 11:35, 20 September 2011

This is initiative to permit a user to access multiple SL resources while providing their credentials (such as userid and password) only once.

Preliminary list of possible front-end methods to authenticate users.

For now https://obs.sugarlabs.org requires Basic HTTP Auth.
CAS, the most common method, with a requirement to provide login/password, is useful for people who are not arriving from a Sugar Shell instance (and so, Sugar's certificate-based method does not work implicitly for them), and for casual visitors or those wishing to avoid the technical work of taking care of user side certificates.
Users certificates are useful for people who need to be authenticated from a Sugar Shell where Sugar might perform some authentication routines under the hood.

@@ Line 18: / Line 18: @@
 * For now https://obs.sugarlabs.org requires Basic HTTP Auth.
-* CAS, most regular way with a need to provide login/password, useful for people who are out of Sugar Shell (and certificate based method does not work implicitly) and either casual visitor or not technical skilled enough to take care about user side certificates.
+* CAS, the most common method, with a requirement to provide login/password, is useful for people who are not arriving from a Sugar Shell instance (and so, Sugar's certificate-based method does not work implicitly for them), and for casual visitors or those wishing to avoid the technical work of taking care of user side certificates.
-* Users certificates, useful for people who need to be authenticated from Sugar Shell when Sugar might do some routines under the hood.
+* Users certificates are useful for people who need to be authenticated from a Sugar Shell where Sugar might perform some authentication routines under the hood.
 == Authenticate back-end ==
 * ldap.sugarlabs.org