We talked about this with Zephyr, and the deal is - if DFA run Deanster
then it cannot handle Authentication for the Nodes or they would have
to be vetted by DFA (ie official) so I don't think this is possible.

What about the opposite direction? Can unofficial nodes act as
single-signons for Deanster? All this implies is that Deanster will
trust an external source for identity validation, a necessary component
of any distributed identity framework. To put it another way, how is
this different from Deanster accepting MS Passport validation?

I don't see any problem with the opposite direction. There shouldn't be
any bad implications of Deanster using trusted node logins that I can
think of. The issue with nodes using Deanster logins is that - if the
nodes' authentication is "controlled" by "official" DFA services, then the
nodes must become official / vetted as well. This make sense?

It does make some sense. I think it's a little over-cautious (e.g. MS doesn't have to "endorse" every site that wants to use Passport) but it's not that big a deal. Having it work by allowing local Nodes to be trusted sources for identity is probably better anyway. More of a foundation for distributed architecture.


cheers
-josh


