[Melbourne-pm] Authentication ?
Scott Penrose
scottp at dd.com.au
Mon Mar 30 17:46:46 PDT 2009
On 31/03/2009, at 11:18 AM, Daniel Pittman wrote:
> Scott Penrose <scottp at dd.com.au> writes:
>
>> If you wanted to do authentication on apache with the following basic
>> features:
>>
>> * (optional) Ability to register your own account with email token
>> validation
>> * (optional) ability to use 3rd party accounts (ala OpenID)
>
> You are aware of the weaknesses in the current OpenID protocols, which
> render it a great mechanism for password theft, right?
>
> I certainly wouldn't trust it, until they resolve those, for anything
> requiring more security than you can get without a login.
>
> http://www.links.org/?p=187
> http://www.links.org/?p=188
Yes I am, thanks. I want to put together/download a framework that has
pluggable modules, so OpenID or something else, whatever :-)
>
>> * Password recovery via email token
>> * Apache Module for login & access control
>>
>> It seems that most open source code does authentication & registration
>> internally.
>
> It certainly does. When people move away from that they usually move to
> a central SSO solution that allows them to integrate well beyond the
> realm of the web.
>
>> So I am collecting what people would use that is independent of
>> framework or product - but can depend on Apache?
>
> I would probably pick up the Stanford SSO solution:
> http://webauth.stanford.edu/
Thanks that looks good. It certainly has a good set of features. Of
course I was not specifically after SSO, just user management, but
will see.
> Alternately, their features page compares them to a number of similar
> large scale authentication solutions.
>
> Debian package it, in unstable and possibly before, and it delivers the
> features you are talking about, more or less...
>
> If all that was too much, though, and given your constraints above,
> I would probably just deploy a random OpenID provider that did what
> I asked, then use only that for authentication.
Thanks Daniel
Scott