On Tue, Mar 13, 2012 at 3:32 PM, John Erling Blad <[email protected]> wrote:
> > So, since we're discussing SAML and OAuth and OpenID, and such, I
> > should mention this:
> >
> > http://simplesamlphp.org/
> >
> > It supports SAML, OpenID, OAuth, it's extendable and it supports
> > multiple backends (LDAP, MySQL, etc). It is also localizable.
> >
> > - Ryan
>
> That one is interesting for the Norwegian Wikipedia community as it
> would make it possible to log into Wikipedia from the identity
> federation system used in Norwegian schools. That is we would be able
> to block individual students that are trolling instead of whole
> schools.
>

Good to know. :)

There's really two separate things that these systems can do.

The classic OAuth scenario is like this:

site A: Wikipedia
user A
site B: Huggle

Site B initiates a special login on site A using a shared secret; on success, site A passes back authentication tokens to site B which verify that user A allowed site B access.

Site B then uses those tokens when it accesses site A, in place of a username/password directly.

OpenID, SAML, etc seem to be more appropriate for this scenario:

site A: Wikipedia
site B: University
user B

These systems allow user B to verify their identity to site A; one possibility is to use this to associate a user A' with the remote user B, letting you use the remote ID verification in place of a local password authentication. (This is what our current OpenID extension does, basically.)

These are, IMO, totally separate use cases and I'm not sure they should be treated the same.

-- brion
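The first scenario in the message above (site B acting on site A for user A), sketched as an added toy model; it is not part of the original message and is not the real OAuth wire protocol. The `SiteA` class, its method names, the HMAC-SHA256 signing and the sample password are all assumptions made for illustration, and nonce replay tracking is left out.

```python
import hashlib
import hmac
import secrets


def sign(secret: bytes, *parts: str) -> str:
    """HMAC-SHA256 over the joined parts, keyed with the consumer's shared secret."""
    return hmac.new(secret, "\n".join(parts).encode(), hashlib.sha256).hexdigest()


class SiteA:
    """Toy provider (site A). It holds the passwords; site B never sees them."""

    def __init__(self):
        self.passwords = {"userA": "correct horse"}  # constructed sample data
        self.consumers = {}  # consumer id -> shared secret
        self.pending = {}    # request token -> consumer id
        self.grants = {}     # access token -> (consumer id, user)

    def register_consumer(self, consumer: str) -> bytes:
        self.consumers[consumer] = secrets.token_bytes(32)
        return self.consumers[consumer]

    def start_login(self, consumer: str, nonce: str, sig: str) -> str:
        # Step 1: site B proves it is a registered consumer (shared secret).
        secret = self.consumers.get(consumer)
        if secret is None or not hmac.compare_digest(sig, sign(secret, consumer, nonce)):
            raise PermissionError("unknown consumer or bad signature")
        token = secrets.token_urlsafe(16)
        self.pending[token] = consumer
        return token

    def approve(self, request_token: str, user: str, password: str) -> str:
        # Step 2: user A authenticates to site A directly and allows site B.
        if not hmac.compare_digest(self.passwords.get(user, "").encode(), password.encode()):
            raise PermissionError("bad credentials")
        consumer = self.pending.pop(request_token)  # single use
        access = secrets.token_urlsafe(16)
        self.grants[access] = (consumer, user)
        return access

    def api_whoami(self, consumer: str, access: str, sig: str) -> str:
        # Step 3: site B presents the token instead of a username/password.
        secret = self.consumers.get(consumer)
        ok = secret is not None and hmac.compare_digest(sig, sign(secret, consumer, access))
        if not ok or self.grants.get(access, (None,))[0] != consumer:
            raise PermissionError("token not valid for this consumer")
        return self.grants[access][1]
```

The access token is bound to the consumer it was issued to, so a token lifted from site B is not usable by a different registered consumer without site B's shared secret.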
