Michael Wechner wrote:
Jann Forrer wrote:
now that the Shibboleth branch has stabilized, I'd suggest that we
merge it back into the 1.2.x branch (or rather merge the changes from
the 1.2.x branch into the Shibboleth branch and use this as the new
1.2.x branch).
The advantages of the Shibboleth branch are:
* A TransientUser class which allows authenticating and authorizing
users who are not stored in the CMS. This is especially useful to
integrate Lenya in single sign-on environments.
We use the shibboleth-branch in a productive environment. This enables
us to grant access to a publication to other Swiss university members, or
better, all users who are members of the so-called AAI Federation (1).
To authenticate and authorize users which are not stored in the CMS is
really a big advantage and opens new possibilities for authentication
and authorisation.
what is the difference to OpenID?
I do not know OpenID very well, but as far as I know one of the main
problems at the moment is the missing trust infrastructure for OpenID
Providers.
On the other hand, Shibboleth (which is the software used within the AAI
federations) uses the existing Identity Provider of the respective
university.
But the main reason for us to use Shibboleth instead of another
technology is simply the fact that the AAI federations, in which all Swiss
universities and most of the "Fachhochschulen" participate, use Shibboleth.
However, I think some of the changes (e.g. the TransientUser) made for
integrating Shibboleth are a necessary prerequisite to integrate other
"identity technologies" such as OpenID into Lenya.
In the context of identity systems, Microsoft's Card Space authentication
system seems to be a promising candidate (Card Space is even based on
open standards). It is anyway interesting to read Kim Cameron's blog
about the Laws of Identity (http://www.identityblog.com/?p=352).
Jann