> Your proposal sounds strikingly similar to the CAS protocol,
> http://www.jasig.org/cas/protocol. Have you studied it carefully
> enough to identify inefficiencies that can be corrected without loss
> of functionality? If you believe that is the case, please write up a
> detailed functional spec for the changes and send it to the cas-dev
> list where we may discuss it further.
Similar, yes, and yet different, and I could be entirely wrong; I am
just trying to better understand, sorry if I sound confrontational.
My thought:
Application is accessed, not logged in.
Application contacts the server on the backend, gets a temp token.
Application stores the temp token, probably in a cookie.
Application redirects to login server.
Login server authenticates, storing temp token against login token.
Login server redirects to app (no token in URL).
Application sees temp token, checks against backend, gets login token.
Temp token is invalidated, login token is stored.
Successive accesses to the app cause single validation of login token
against backend, if logged out, repeat process.
This would not only prevent the need for the redirects combined with
a backend call, but would make things like AJAX calls work better (I
believe). Single sign-out would become a non-issue, and login caching
would be much less necessary.
I would not be surprised if I have missed something and am totally
wrong, but I can't see any more holes in it than the existing system.
--
www.suave.net - Anthony Ball - [email protected]
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Classic: A book which people praise and don't read... - Mark Twain
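The flow proposed in the message above, simulated end to end as an added example (my own code, not the CAS implementation or anything from this thread): the `LoginServer` and `Application` classes, the credential table and the cookie jar are constructed for illustration. The backend calls are `issue_temp_token`, `exchange` and `validate`; the exchange is deliberately one-shot so a temp token left in a cookie cannot be replayed for the login token, and sign-out is a single map deletion that every application notices on its next validate.

```python
import secrets

class LoginServer:
    def __init__(self, users):
        self.users = users      # constructed sample credentials, user -> password
        self.pending = {}       # temp token -> login token (None until the user logs in)
        self.sessions = {}      # login token -> user
    def issue_temp_token(self):                     # step 2: app fetches a temp token
        temp = secrets.token_urlsafe(16)
        self.pending[temp] = None
        return temp

    def authenticate(self, temp, user, password):   # step 5: browser logs in
        if temp not in self.pending or self.users.get(user) != password:
            return False
        login = secrets.token_urlsafe(32)
        self.sessions[login] = user
        self.pending[temp] = login                  # temp token bound to login token
        return True

    def exchange(self, temp):                       # step 7: one-shot backend exchange
        login = self.pending.get(temp)
        if login is not None:
            del self.pending[temp]                  # temp token invalidated, replay fails
        return login
    def validate(self, login):                      # step 9: single backend check per access
        return self.sessions.get(login)
    def logout(self, login):                        # single sign-out: every app sees it
        self.sessions.pop(login, None)

class Application:
    def __init__(self, server):
        self.server = server
        self.cookies = {}       # simulated browser cookie jar for this app

    def request(self):
        # One access to the app: returns the page, or a redirect to the login server.
        if "login" in self.cookies:
            user = self.server.validate(self.cookies["login"])
            if user:
                return "page for " + user
            del self.cookies["login"]               # logged out: repeat the process
        login = self.server.exchange(self.cookies.get("temp"))
        if login:                                   # steps 7/8: store login token
            del self.cookies["temp"]
            self.cookies["login"] = login
            return self.request()
        self.cookies["temp"] = self.server.issue_temp_token()   # steps 2-4
        return "redirect:/login"                    # no token in the URL
```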