Hey Joe,

When I was at MIT we used certificates for multi-domain SSO authentication (and authorization). I also have looked into other types of SSO schemes and from a security and implementation standpoint certificates look to be the best tool for the job.

Here is a link to MIT's user documentation on their certificate system: http://web.mit.edu/ist/topics/certificates/

As far as the technical implementation goes, I found a lot of good information by Googling. But if you contact someone in MIT's IT group I'm sure they could provide some specifics on their implementation. I'm not sure it could be implemented using a Network Solutions type hosting service, but something like SSO across multiple domains would require a more extensive setup than they could provide anyway.

-Tim

---------------------------
Timothy Boyden
Network Administrator
SuperCoups(r)
350 Revolutionary Drive | E. Taunton, MA 02718
508-977-2034 | www.supercoups.com
We Support Alex's Lemonade Stand Foundation, "Fighting Childhood Cancer One Cup At A Time"
Donations Accepted at: www.firstgiving.com/SuperCoups
---------------------------
Local Coupons. Super Savings.(r)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joseph Crawford
Sent: Monday, April 09, 2007 11:19 AM
To: NYPHP Talk
Subject: [nyphp-talk] Single Sign On Questions

Guys,

We are going round and round with the methods for SSO. Can something like this be done?

EREJobs.com will include a file from ERE.net; the file on ERE.net executes on the ere.net domain. While doing so, can it read the ere.net cookie? I know that is probably not allowed due to XSS.

We have looked into Open SSO and even the chapter from Advanced PHP Programming on SSO; however, that leads to issues when using multiple sites.

For instance, you go to erejobs.com and log in, it directs you to ere.net, authenticates you, sets a cookie for ere.net, and goes back to erejobs where a cookie is set. However, if you then go to another site, say eredirectory.com, it will not see you logged in because no cookie is set, so you again have to click the login button. You won't have to log in because the ere.net cookie exists; it will just redirect you back to eredirectory, but it seems like a rat's nest we will get into.

Any ideas on how else to accomplish something like this?

--
Joseph Crawford Jr.
Zend Certified Engineer
Codebowl Solutions, Inc.
http://www.codebowl.com/
Blog: http://www.josephcrawford.com/
1-802-671-2021
[EMAIL PROTECTED]

_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
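
The redirect flow described in the original message (a site sends the browser to ere.net, which authenticates the user and sends the browser back), shown as an added example that is not code from anyone in this thread. It assumes the hub hands identity back as a short-lived HMAC-signed ticket and that each site shares its own secret with the hub; all function names, the ticket layout and the sample values are hypothetical.

```php
<?php
// Added illustration, not code from the thread. All names are hypothetical.
// The hub (ere.net) signs a short-lived ticket; the receiving site verifies
// it and only then sets its own session cookie for its own domain.
const TICKET_TTL = 60; // seconds a ticket stays valid (assumed value)

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Runs on the hub once the browser presents a valid hub session cookie.
function issue_ticket(string $user, string $audience, string $secret, int $now): string {
    $payload = b64url(json_encode([
        'sub' => $user,
        'aud' => $audience,                 // the one site this ticket is for
        'exp' => $now + TICKET_TTL,
        'jti' => bin2hex(random_bytes(16)), // one-time identifier
    ]));
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, $secret, true));
}

// Runs on the receiving site when the browser returns with the ticket.
// $seen stands in for a persistent store of ticket ids already used.
function verify_ticket(string $ticket, string $audience, string $secret, int $now, array &$seen): ?string {
    $parts = explode('.', $ticket);
    if (count($parts) !== 2) return null;
    [$payload, $mac] = $parts;
    $expected = b64url(hash_hmac('sha256', $payload, $secret, true));
    if (!hash_equals($expected, $mac)) return null;          // forged or altered
    $claims = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($claims)) return null;
    $jti = $claims['jti'] ?? null;
    if (!is_string($jti) || !is_string($claims['sub'] ?? null)) return null;
    if (($claims['aud'] ?? null) !== $audience) return null; // issued for another site
    if (($claims['exp'] ?? 0) < $now) return null;           // expired
    if (isset($seen[$jti])) return null;                     // replayed
    $seen[$jti] = true;
    return $claims['sub'];
}

// Constructed demo values.
$secret = 'constructed-demo-secret';
$seen = [];
$now = time();
$ticket = issue_ticket('joe', 'eredirectory.com', $secret, $now);
var_dump(verify_ticket($ticket, 'eredirectory.com', $secret, $now, $seen)); // first use
var_dump(verify_ticket($ticket, 'eredirectory.com', $secret, $now, $seen)); // same ticket again
var_dump(verify_ticket($ticket, 'erejobs.com', $secret, $now, $seen));      // wrong site
```

The audience, expiry and one-time checks are what keep a ticket captured from the redirect URL from being replayed or presented to a different site.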
