On Sat, Mar 14, 2009 at 8:10 PM, Wesley Craig <[email protected]> wrote: > On 14 Mar 2009, at 20:58, Michael Graff wrote: >> >> (1) The Apache (and other web server) auth modules are more or less >> out of application control. That is, if I were to use Ruby on Rails >> and display a page differently if one is logged in vs. not logged in, >> the Apache module won't help. It would always require logged in >> users. > > AllowPubicAcccess will permit the application to provide differing UIs > depending on whether the user is logged in. Typically, one of the > differences is that logged in users are presented with a "logout" UI item, > while logged out users are presented with a "login" item.
Good news. >> (2) If implemented as a central login site which then redirected back >> out to the application sites, the only information sent to the >> application is the cookie. The application then verifies it once >> every N minutes with the cosign server. The only information returned >> here is a simple yes/no. That is, if I need the user's email address >> each application would have to collect that information after >> authentication happens, or use some other common database to retrieve >> it. > > Cosign says what user is associated with the service cookie and the set of > authentication factors that user has satisfied. If the application wants, > e.g., directory information, the application is responsible for consulting a > directory. That's what I thought. Implementing that is out of scope for the goals of CoSign, which means (to put it simply) that each integration of CoSign would have to add this somehow. >> (3) There is no default functionality in the CGI scripts or anywhere >> else in the tarball to add "sign up" type functionality. > > Cosign Friend provides a facility for email-based guest accounts. Right, but creating those are out of scope for what is supplied in the tarball? That is, it also is something each installation of CoSign would have to implement (the creating of that account info in the MySQL database)? -- Michael (Ruby, Rails, Random) blog: http://skandragon.blogspot.com/ ------------------------------------------------------------------------------ Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are powering Web 2.0 with engaging, cross-platform capabilities. Quickly and easily build your RIAs with Flex Builder, the Eclipse(TM)based development software that enables intelligent coding and step-through debugging. Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com _______________________________________________ Cosign-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/cosign-discuss
