SSO (was: Re: [DesDev] What's next?)

Seb seb at poked.org
Thu Aug 21 17:32:04 2003


> So, given that we are likely to run a number of sub-sites on servers not
> located on the same immediate network, using varying backend
> applications, the SSO is achievable.
>
> Using what? Cookies?


Well, for the client-side 'remembering who the person is', that might be 
one solution.

The much more pressing issue is the authentication system to use, and how 
it can be implemented across a range of applications, platforms, and 
networks. The most logical approach to take is to separate this out into a 
standardised directory service, such as LDAP, which can provide 
cross-domain authentication and rights management. (Not considering things 
like user bios, site-specific data, etc., which in a heterogeneous 
environment would need to be made available in some kind of web-service 
fashion, more on this later.)

Directory services based on LDAP are platform portable, available for free, 
and were designed for this purpose. The alternative is to attempt to 
specify and build something ourselves, which is a larger burden in terms of 
time and resources that could be better focussed on making the more 
difficult things work.



-- 
http://poked.org

