>From my read of the cosign web site, and looking through the source tarball, I came to some conclusions. I want to confirm that these are not incorrect ones.
(1) The Apache (and other web server) auth modules are more or less out of application control. That is, if I were to use Ruby on Rails and display a page differently if one is logged in vs. not logged in, the Apache module won't help. It would always require logged in users. (2) If implemented as a central login site which then redirected back out to the application sites, the only information sent to the application is the cookie. The application then verifies it once every N minutes with the cosign server. The only information returned here is a simple yes/no. That is, if I need the user's email address each application would have to collect that information after authentication happens, or use some other common database to retrieve it. (3) There is no default functionality in the CGI scripts or anywhere else in the tarball to add "sign up" type functionality. If all these are true, what framework are people using to implement user signup? Something custom per integration? Thanks, --Michael -- (Ruby, Rails, Random) blog: http://skandragon.blogspot.com/ ------------------------------------------------------------------------------ Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are powering Web 2.0 with engaging, cross-platform capabilities. Quickly and easily build your RIAs with Flex Builder, the Eclipse(TM)based development software that enables intelligent coding and step-through debugging. Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com _______________________________________________ Cosign-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/cosign-discuss
