www-infrastructure-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Querna <pque...@apache.org>
Subject Re: Centralised authentication/authorisation
Date Mon, 15 Dec 2008 13:44:06 GMT
Graham Leggett wrote:
> Tony Stevenson wrote:
> 
>> Cool, but we have not yet agreed upon what we are going to be working 
>> towards.  That comes next :-)
> 
> I would argue that agreeing what we are working towards would come first :)
> 
>> Exactly, and even when it does (possibly) exist there is still no need 
>> for authentication, AFAICS.
> 
> We use authnz across the ASF, from bugzilla, to jira, to various 
> continuous integration servers. Facing a similar problem myself (many 
> apps, in different architectures, all trying to maintain their own 
> authnz databases, and with inconsistent support for LDAP), it prompted 
> me to introduce mod_session and mod_auth_form to httpd, and have httpd 
> worry about authnz, and have the underlying apps take for granted that 
> authnz has already happened.

No, we are not going down the path of doing mod_sesion right now.

Keep it simple, keep it bounded, get the core-services running, and skip 
on all this right now.

-Paul


Mime
View raw message