Thanks. I use a web framework called Django. It has its own authentication. I guess
that means I don't *need* Cosign unless I want to separate out the pieces
as you said for security.

cs


On 07/26/2014 10:54 PM, Richard Conto wrote:
Cosign is a web-based single-signon solution for a collection of related web sites authenticated by a single authentication domain (userid/password system.) It could use LDAP (or Kerberos or other authentication technologies) to validate a userid & password.

Cosign uses session cookies to implement authentication tickets, etc.


Strictly speaking, LDAP is a directory for looking things up. You would still need to develop a mechanism of session tracking for a web application. There are Apache modules for doing this - and there are also web frameworks that can use LDAP for authentication as well.

Cosign allows you to separate your authentication store from your application - which means that if your application gets compromised, your authentication store isn't.

Shibboleth (which you didn't ask about) is another single-signon web technology. It's most suitable for a federation of authentication domains that agree to a common policy of sharing information about the individuals they vouch for. It requires a lot more resources to maintain and deploy than Cosign, but solves certain kinds of complicated issues that Cosign can't.

--- Richard Conto

_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
