Jann Forrer wrote:
Michael Wechner wrote:
Jann Forrer wrote:
now that the Shibboleth branch has stabilized, I'd suggest that we
merge it back into the 1.2.x branch (or rather merge the changes from
the 1.2.x branch into the Shibboleth branch and use this as the new
1.2.x branch).
The advantages of the Shibboleth branch are:
* A TransientUser class which allows authenticating and authorizing
users who are not stored in the CMS. This is especially useful to
integrate Lenya in single sign-on environments.
We use the Shibboleth branch in a productive environment. This enables
us to grant access to a publication to other Swiss university members, or
better all users who are members of the so-called AAI Federation (1).
Authenticating and authorizing users who are not stored in the CMS is
really a big advantage and opens new possibilities for authentication
and authorisation.
what is the difference to OpenID?
I do not know OpenID very well, but as far as I know one of the main
problems at the moment is the missing trust infrastructure for OpenID
Providers.
I am not sure I really understand what you mean with "missing trust
infrastructure", but I would consider
http://openid.net/get/
quite a good start
On the other hand, Shibboleth (which is the software used within the
AAI federations) uses the existing Identity Provider of the respective
University.
there is plenty of OpenID provider software such that each university could
set one up, for example
http://code.sxip.com/openid4java/apidoc/org/openid4java/server/package-summary.html
But the main reason for us to use Shibboleth instead of another
technology is simply the fact that the AAI Federations, in which all
Swiss universities and most of the "Fachhochschulen" participate, use
Shibboleth.
However, I think some of the changes (e.g. the TransientUser) made
for integrating Shibboleth are a necessary prerequisite to integrate
other "identity technologies" such as OpenID into Lenya.
In the context of identity systems, Microsoft's Card Space
authentication system seems to be a promising candidate (Card Space is
even based on open standards). It is anyway interesting to read Kim
Cameron's blog about the Laws of Identity
(http://www.identityblog.com/?p=352).
thanks for this pointer
Michael
Jann
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lenya.apache.org
For additional commands, e-mail: dev-h...@lenya.apache.org