Twas brillig at 12:53:42 29.05.2007 UTC+01 when James Aylett did gyre and gimble:
>> DL> And if you don't know what OpenID is: >> DL> http://simonwillison.net/2006/Dec/19/openid/ >> >> Single identity and single sign-on are the quite orthogonal things. JA> Isn't one usually a subset of the other? I can't think of a way of doing JA> SSO without single identity, unless you do it without doing separate JA> identities. Well, I've seen ad-hoc SSO solutions with N apps doing the NxN cross-application session management :) JA> So they're orthogonal sometimes, but in the general case they're actually JA> not (because in the general case you want to identify granularly, then JA> apply group membership and similar aspects of identity to determine JA> authentication; so you want SSO to work at the level of single identity). OpenID does not provide SSO functionality itself, so it is just not enough to solve the problem (I suppose the problem is "log on once, and then navigate between applications without the need to manually identify or authenticate myself in any other application"): you need some additional layer (such as central relay keeping global session cookies) to implement SSO with OpenID, and I'm not sure it is possible with OpenID protocol. And yes, OpenID provides single identity and you may implement authorization on top of it, if it is everything what's needed. JA> I'm probably missing something here... Nevermind, I just nitpicked :) -- JID: [EMAIL PROTECTED] --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---