On 09/24/2013 07:39 PM, Ryan Lane wrote: > On Tue, Sep 24, 2013 at 4:01 PM, Atwood, Mark <[email protected] > <mailto:[email protected]>> wrote: > > | It's actually opposite of how you describe. Writing a good OpenID > consumer > is hard due to user interface design issues, > | especially since most people (even most technical people) have no > idea how > to properly use OpenID. Education efforts > | have been ongoing for 8 years, so that won't really help either. > > Except that in our case, all our apps are *already* OpenID > consumers. There > is no additional education or development needed here. > > Standing up another provider is more work. Making our existing apps be > provider agnostic is less. > > > It's generally less work to use a centralized provider and it's > definitely more friendly to end users. > > If every application is provider agnostic each one of them will have > their own OpenID consumer interface. This means it's necessary to make > all of them look the same, which requires modifying a lot of > applications. Adding different auth mechanisms (like persona) means > adding it to every single application, too. > > By having a centralized provider, you keep the login workflow of > clicking "log in" on any of the applications, which will redirect users > to a consistent login interface. Assuming we wanted to allow OpenID as a > consumer, or persona, we'd only have to add it to a single location, > rather than to every single application we use.
Yes. And if that place itself allows aggregated auth, then fine. _______________________________________________ OpenStack-Infra mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-infra
