Jann Forrer schrieb:
Michael Wechner wrote:
Jann Forrer schrieb:
now that the Shibboleth branch has stabilized, I'd suggest that we
merge it back into the 1.2.x branch (or rather merge the changes from
the 1.2.x branch into the Shibboleth branch and use this as the new
1.2.x branch).
The advantages of the Shibboleth branch are:
* A TransientUser class which allows to authenticate and authorize
users which are not stored in the CMS. This is especially useful to
integrate Lenya in single sign-on environments.
We use the shibboleth-branch in a productive environment. This enables
to grant access to a publication to other swiss University members, or
better all User which are members of the so called AAI Federation (1).
To authenticate and authorize users which are not stored in the CMS is
really a big advantage and opens new possibilities for authentication
and authorisation.
what is the difference to OpenID?
[…]
However I think some of the changes (as e.g. the TransientUser) made for
integrating shibboleth are necessary prerequisite to integrate other
"identity technologies" as OpenID into lenya.
Yes, this is the major benefit of the changes. In fact, last year I
started to migrate the TransientUser concept to Lenya 2.2 and adding an
OpenID module, but I didn't find the time to finish it yet. If anyone
wants to take a look at the current state, check out the
access_control_redesign branch in the sandbox.
-- Andreas
--
Andreas Hartmann, CTO
BeCompany GmbH
http://www.becompany.ch
Tel.: +41 (0) 43 818 57 01
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
