[Melbourne-pm] Authentication ?

Scott Penrose scottp at dd.com.au
Mon Mar 30 17:46:46 PDT 2009


On 31/03/2009, at 11:18 AM, Daniel Pittman wrote:

> Scott Penrose <scottp at dd.com.au> writes:
>
>> If you wanted to do authentication on apache with the following basic
>> features:
>>
>> * (optional) Ability to register your own account with email token validation
>> * (optional) ability to use 3rd party accounts (ala OpenID)
>
> You are aware of the weaknesses in the current OpenID protocols, which
> render it a great mechanism for password theft, right?
>
> I certainly wouldn't trust it, until they resolve those, for anything
> requiring more security than you can get without a login.
>
> http://www.links.org/?p=187
> http://www.links.org/?p=188

Yes, I am, thanks. I want to put together/download a framework that has
pluggable modules, so OpenID or something else, whatever :-)

>
>> * Password recovery via email token
>> * Apache Module for login & access control
>>
>> It seems that most open source code does authentication & registration
>> internally.
>
> It certainly does.  When people move away from that they usually move to
> a central SSO solution that allows them to integrate well beyond the
> realm of the web.
>
>> So I am collecting what people would use that is independent of
>> framework or product - but can depend on Apache?
>
> I would probably pick up the Stanford SSO solution:
> http://webauth.stanford.edu/

Thanks, that looks good. It certainly has a good set of features. Of
course I was not specifically after SSO, just user management, but
will see.

> Alternately, their features page compares them to a number of similar
> large scale authentication solutions.
>
> Debian package it, in unstable and possibly before, and it delivers the
> features you are talking about, more or less...
>
> If all that was too much, though, and given your constraints above,
> I would probably just deploy a random OpenID provider that did what
> I asked, then use only that for authentication.

Thanks Daniel

Scott


