Cosign is a web based single-signon solution for a collection of related
web sites authenticated by a single authentication domain (userid/password
system.) It could use LDAP (or Kerberos or other authentication
technologies) to validate a userid & password.
Cosign uses session cookies to implement authentication tickets, etc.
Strictly speaking, LDAP is a directory for looking things up. You would
still need to develop a mechanism of session tracking for a web
application. There are Apache modules for doing this - and there are also
web frameworks that can use LDAP for authentication as well.
Cosign allows you to separate your authentication store from your
application - which means that if your application gets compromised, your
authentication store isn't.
Shibboleth (which you didn't ask about) is another single-signon web
technology. It's most suitable for a federation of authentication domains
that agree to a common policy of sharing information about the individuals
they vouch for. It requires a lot more resources to maintain and deploy
than Cosign, but offers solves certain kinds of complicated issues that
Cosign can't.
--- Richard Conto
DNA Sequencing Core
Biomedical Research Core Facilities
Medical School Administration Office of Research
NCRC Bldg 14 room 168 -- (734) 764-7620
On Sat, Jul 26, 2014 at 10:49 PM, Christian Seberino <cseber...@gmail.com>
wrote:
> I'm trying to decide between Cosign and LDAP for a web grading app
> called Webwork.
>
> I'm not sure why Cosign exists since isn't this what LDAP is for?
> Perhaps it is easier? better?
>
> Thanks,
>
> cs
>
>
> ------------------------------------------------------------------------------
> Want fast and easy access to all the code in your enterprise? Index and
> search up to 200,000 lines of code with a free copy of Black Duck
> Code Sight - the same software that powers the world's largest code
> search on Ohloh, the Black Duck Open Hub! Try it now.
> http://p.sf.net/sfu/bds
> _______________________________________________
> Cosign-discuss mailing list
> Cosign-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/cosign-discuss
>
------------------------------------------------------------------------------
Want fast and easy access to all the code in your enterprise? Index and
search up to 200,000 lines of code with a free copy of Black Duck
Code Sight - the same software that powers the world's largest code
search on Ohloh, the Black Duck Open Hub! Try it now.
http://p.sf.net/sfu/bds
_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
