On 14 Mar 2009, at 20:58, Michael Graff wrote: > (1) The Apache (and other web server) auth modules are more or less > out of application control. That is, if I were to use Ruby on Rails > and display a page differently if one is logged in vs. not logged in, > the Apache module won't help. It would always require logged in > users.
AllowPubicAcccess will permit the application to provide differing UIs depending on whether the user is logged in. Typically, one of the differences is that logged in users are presented with a "logout" UI item, while logged out users are presented with a "login" item. > (2) If implemented as a central login site which then redirected back > out to the application sites, the only information sent to the > application is the cookie. The application then verifies it once > every N minutes with the cosign server. The only information returned > here is a simple yes/no. That is, if I need the user's email address > each application would have to collect that information after > authentication happens, or use some other common database to retrieve > it. Cosign says what user is associated with the service cookie and the set of authentication factors that user has satisfied. If the application wants, e.g., directory information, the application is responsible for consulting a directory. > (3) There is no default functionality in the CGI scripts or anywhere > else in the tarball to add "sign up" type functionality. Cosign Friend provides a facility for email-based guest accounts. :wes ------------------------------------------------------------------------------ Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are powering Web 2.0 with engaging, cross-platform capabilities. Quickly and easily build your RIAs with Flex Builder, the Eclipse(TM)based development software that enables intelligent coding and step-through debugging. Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com _______________________________________________ Cosign-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/cosign-discuss
