[Melbourne-pm] Authentication ?
scottp at dd.com.au
Mon Mar 30 17:46:46 PDT 2009
On 31/03/2009, at 11:18 AM, Daniel Pittman wrote:
> Scott Penrose <scottp at dd.com.au> writes:
>> If you wanted to do authentication on apache with the following basic
>> * (optional) Ability to register your own account with email token
>> * (optional) ability to use 3rd party accounts (ala OpenID)
> You are aware of the weaknesses in the current OpenID protocols, which
> render it a great mechanism for password theft, right?
> I certainly wouldn't trust it, until they resolve those, for anything
> requiring more security than you can get without a login.
Yes I am, thanks. I want to put together/download a framework that has
pluggable modules, so OpenID or something else, whatever :-)
>> * Password recovery via email token
>> * Apache Module for login & access control
>> It seems that most open source code does authentication &
> It certainly does. When people move away from that they usually move to
> a central SSO solution that allows them to integrate well beyond the
> realm of the web.
>> So I am collecting what people would use that is independent of
>> framework or product - but can depend on Apache?
> I would probably pick up the Stanford SSO solution:
Thanks that looks good. It certainly has a good set of features. Of
course I was not specifically after SSO, just user management, but
> Alternately, their features page compares them to a number of similar
> large scale authentication solutions.
> Debian package it, in unstable and possibly before, and it delivers
> features you are talking about, more or less...
> If all that was too much, though, and given your constraints above,
> I would probably just deploy a random OpenID provider that did what
> I asked, then use only that for authentication.