Hi Hermann. Thanks for your reply. Haven't quite decided on this but I've got things to try that might be more efficient than xmlrpc.

I'm likely to attempt an authentication server with web service style SSO at this point though OpenId is attractive. I don't know if anyone has made a plugin yet for z3 for OpenId but I might try this. I am not sure how OpenId handles different contexts for users at this point (for example being a user at a worksite, and then a public user) though but I will be experimenting with it regardless. Many thanks.


Hermann Himmelbauer wrote:
Am Donnerstag, 10. Mai 2007 18:13 schrieb David Pratt:
Hi. Has anyone got a bit of a blueprint for a remote authentication in
zope 3. I wish to authenticate on a z3 site (site 1) using credentials
stored on a different z3 site (site 2) over the Internet (otherwise
would likely use LDAP). I do not want to maintain users on site 1. I
only want users from a couple of groups on site 2 to be able to access
site 1.

I was thinking of using xmlrpc but will likely use a different transport
with better security and encryption.

To my mind, xmlrpc can also be transported via HTTPS. At a quick glance, I therefore cannot see any security issues. I'd rather think about performance problems.

If HTTPS is no option, a VPN connection between the two servers would probably also be a secure solution.


Zope3-users mailing list

Reply via email to