[OpenID] Use of OpenID as private authentication system for my company?

Pat Patterson Andrew.Patterson at Sun.COM
Fri Sep 7 16:57:23 UTC 2007


Hi Fox,

I would say that OpenID is probably a poor choice for a deployment like
this. OpenID explicitly avoids the issue of trust - the ability to
ensure that only users that you trust have access to your systems is
something that you would have to figure out yourself, although I
understand that some or all of the OpenID solutions out there have some
measure of 'whitelist' support to control the OPs from which the RPs
would accept authenticated users.

I would advise you to look at SAML 2.0 for this purpose. SAML 2.0 is
widely supported, both in open source and commercial products. It was
explicitly designed for the use case you describe. Since we are
wandering off-topic for the OpenID list, I'll respond to you personally
with links and more information.

Cheers,

Pat

Francis wrote:
> Hello,
> My company has many partners/customers and we want to build a single
> logon system for them for some kind of distributed web apps (under
> different domains).
> We don't want to re-invent the wheel and we want a high quality
> implementation (i.e. distributed, high performance, security).
> So I have found OpenID seems to be a good reference for my purpose.
> What are your comments about my purpose? Should I use other
> products/tools for my purpose instead of OpenID?
> Any comments are welcome.
> Thanks.
> Fox

-- 
Pat Patterson - pat.patterson at sun.com
Federation Architect,
Sun Microsystems, Inc.
http://blogs.sun.com/superpat
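
The OP whitelist mentioned in the reply above, as an added example (not part of the original message and not taken from any OpenID library): a relying party accepts a positive assertion only if its `openid.op_endpoint` matches a trusted OP exactly after normalization. The endpoint URLs are constructed, the function names are hypothetical, and the assertion's signature is assumed to have been verified by the RP's OpenID library before this check runs.

```python
from urllib.parse import urlsplit

# Constructed allowlist: OP endpoints this hypothetical RP trusts.
TRUSTED_OP_ENDPOINTS = {
    "https://op.partner-a.example/openid/server",
    "https://login.partner-b.example/op",
}

def normalize_endpoint(url):
    """Return a canonical form of an OP endpoint URL, or None if unacceptable."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port              # raises ValueError on a malformed port
    except ValueError:
        return None
    # Require TLS and a host; refuse userinfo ("trusted@evil") and fragments.
    if parts.scheme != "https" or not parts.hostname:
        return None
    if parts.username or parts.password or parts.fragment:
        return None
    host = parts.hostname.rstrip(".")  # hostname is already lower-cased
    netloc = host if port in (None, 443) else f"{host}:{port}"
    path = parts.path or "/"
    query = f"?{parts.query}" if parts.query else ""
    return f"https://{netloc}{path}{query}"

_ALLOWED = {normalize_endpoint(u) for u in TRUSTED_OP_ENDPOINTS}

def op_is_trusted(assertion):
    """assertion: dict of openid.* parameters from an already-verified response."""
    if assertion.get("openid.mode") != "id_res":   # only positive assertions
        return False
    endpoint = normalize_endpoint(assertion.get("openid.op_endpoint", ""))
    # Exact match on the whole normalized URL: no prefix or substring tests,
    # so "op.partner-a.example.evil.example" cannot pass as a trusted host.
    return endpoint is not None and endpoint in _ALLOWED
```

The allowlist only restricts which OPs may vouch for a user; deciding which of those users may access which application is still up to the RP.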
