httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sean Mehan <s...@smo.uhi.ac.uk>
Subject Authentication Needs for Apache: Was Re: Puzzling News
Date Tue, 01 Mar 2005 14:52:17 GMT
Just a pointer to something that is gaining a bit of ground in various  
circles:


http://www.oasis-open.org/committees/download.php/11511/sstc-saml-tech- 
overview-2.0-draft-03.pdf

found at

http://www.oasis-open.org/committees/documents.php?wg_abbrev=security


This is about SAML, a vocabulary for exchange of authentication and  
authorization data about users trying to access resources.
With this capability built in, one can write policies for users  
originating from other sites.

There is an implementation of this for what used to be called  
(resource) targets, now called SP [service provider]s, which compiles  
and runs under apache 1.3/2.0
found at http://shibboleth.internet2.edu/

regards,
sean

On 1 Mar 2005, at 14:18, Graham Leggett wrote:

> Paul A Houle said:
>
>>       I think of all the features that web site authors and developers
>> need that still don't exist in mainstream web servers;  part of this
>> is in the area of "content management" and another major are is
>> authentication -- pretty much any serious interactive web site needs
>> a cookie-based authentication system with the features seen on big
>> sites like amazon.com and yahoo!  and one of the reasons there is so
>> little code reuse on the web is that every application winds up
>> impementing it's own authentication system;  if there was something
>> really good built into a market-leading web server,  this picture
>> would change completely.
>
> The trouble with the authentication problem is that the credentials  
> used
> for authentication are often used for way more than just finding out
> whether a user has access. That said, this is definitely a very useful
> addition.
>
> Something like an auth module that can do "form based" auth, in  
> addition
> to "basic" and "digest" etc would probably be very useful.
>
> Regards,
> Graham
> --
>
>


Mime
View raw message