Hi Kealan,

Tacitly I’m in agreement, as long as the ‘OIDC’ integration does 
not preclude someone from using a ‘direct’ integration later. I 
believe the reason we have the issues with the server at the moment is 
that the original development team on it went for some hybrid federation 
model that was completely alien to the rest of the market and hence it 
worked for no one.

I don’t think the current MFA server is fit for purpose either. The 
code hasn’t been maintained in some while, it needs an upgrade to work 
on Python 3.x, doesn’t fit in OIDC, does not work with Apache Web 
Server, etc.

I know there is an OIDC module on web server (mod_oidc) and wonder if we 
can use this for our purpose?

I think Jean-Frederic was working on it at one point.

Thanks
Brian

On 9 Jun 2019, at 16:08, Kealan McCusker wrote:

> Hi All
>
> I would like to start a discussion about what should be in the first
> release of the ZKP MFA component of the Milagro server.
>
> ZKP MFA, at its simplest, is a drop-in replacement for username / password
> that enables multi-factor authentication, no server side hashed password db
> and, best of all, it works in software!
>
> Here are two ways to integrate ZKP MFA into your system:
>
> 1. Directly
> 2. OpenID Connect (OIDC)
>
> Obviously, only the second option allows federation of identity. I propose,
> at least initially, that we directly integrate the authentication server
> into a system requiring this service.
>
> There is also in the current Milagro repos an old method of integrating
> ZKP MFA. In my view, it is not fit for purpose and should not be followed.
>
> Regards
>
> Kealan
