On 2013-09-24 16:39:44 -0700 (-0700), Ryan Lane wrote:
[...]
> If every application is provider agnostic each one of them will
> have their own OpenID consumer interface. This means it's
> necessary to make all of them look the same, which requires
> modifying a lot of applications. Adding different auth mechanisms
> (like persona) means adding it to every single application, too.
[...]

This reminds me of yet another point in favor of centralization. We
want to be able to correlate information between a user's account in
various distributed systems where there is currently no cross-system
index mapping them to one another. If all of them use a common
OpenID provider then we can key on that, but if they're
provider-agnostic then at least some subset of users will
authenticate to systems with more than one (potentially to different
systems with different providers).

Also not mentioned yet in these threads, but one of the reasons it
was suggested to run our own provider is that we have some services
which are not "Web apps" (so not well-suited to OpenID), and we'd
like to be able to tie other auth protocols into the same backend
eventually to support those systems as well.
-- 
Jeremy Stanley
