[development] Re: OpenID

[Eric Drechsel]

On 7/31/06, Arnab Nandi <arnab at arnab.org> wrote:
> (conversation fork)
>
> While we're talking about authentication systems, I thought it would
> be relevant to mention "Cosign" ( http://weblogin.org ):
>
> "An open source project originally designed to provide the University
> of Michigan with a secure single sign-on web authentication system.
> Cosign is part of the National Science Foundation Middleware
> Initiative (NMI)"
>
> This is a single-point auth system, in contrast to OpenID, which does
> the opposite. However, this is extremely useful in institutions
> (universities, companies, etc) where there is a universal login system
> already in place. (All of UofM's ITservices use this)
>
> I haven't seen any Drupal client implementations that implement this;
> does anyone know of one?
>
> -Arnab
> (note: i am not related to the cosign project in any way)
>

We're using JVD's pubcookie module at PSU to tie in with SSO.
Pubcookie is  a product of UW, similar I think to Cosign . Another
option is to skip the middleman and go directly to LDAP (well
supported).

Note: the author does not particularly like the mess of C-code and
compiled templates that make up the pubcookie system.

Actually Arnab, OpenID might be a very good option in an environment
where identity is managed centrally. Central IT manages the directory
of identity URLs as a trusted service, and each identity URL points to
the OpenID authentication server.

Advantages over the various niche SSO packages:
++ Not Icky
+ Allows org members to use their institutional identity to sign into
OpenID consumer sites throughout the web (the marketing dept likes
this)

Meanwhile, I'm stuck with pubcookie for now...

Eric Drechsel