[OpenID] Use of OpenID as private authentication system for my company?

Fri Sep 7 17:31:47 UTC 2007

You know of course, Pat, that virtually all members of this list  
would disagree with you on your assessment of "poor choice". Flame  
bait! ;-)

I'd think it would be an excellent choice. As Pat points out, not the  
only choice, but certainly a viable one.

Traditionally this list hasn't been used to discuss particular  
product choices, however.

On Sep 7, 2007, at 9:57, Pat Patterson wrote:

> Hi Fox,
>
> I would say that OpenID is probably a poor choice for a deployment  
> like this. OpenID explicitly avoids the issue of trust - the  
> ability to ensure that only users that you trust have access to  
> your systems is something that you would have to figure out  
> yourself, although I understand that some or all of the OpenID  
> solutions out there have some measure of 'whitelist' support to  
> control the OPs from which the RPs would accept authenticated users.
>
> I would advise you to look at SAML 2.0 for this purpose. SAML 2.0  
> is widely supported, both in open source and commercial products.  
> It was explicitly designed for the use case you describe. Since we  
> are wandering off-topic for the OpenID list, I'll respond to you  
> personally with links and more information.
>
> Cheers,
>
> Pat
>
> Francis wrote:
>> Hello,
>>
>> My company has many partners/customers and we want to build a  
>> single logon system for them for some kind distributed web apps  
>> (under different domains).
>>
>> We don't want to re-invent the wheel and we want high quality  
>> implmentation (i.e. distributed, high performance, security).
>>
>> So I have found OpenID seems to be a good reference for my purpose.
>>
>> What is your comments about my purpose? Should I use other  
>> products/tools for my purpose instead of OpenId?
>>
>> Any comments are welcome.
>>
>> Thanks.
>>
>> Fox
>>
>>
>>
>>
>> 使用Y!Mail，給你重重驚喜，更有機會贏 MacBook! 立 
>> 即參加
>> _______________________________________________
>> general mailing list
>> general at openid.net
>> http://openid.net/mailman/listinfo/general
>>
>
> -- 
> Pat Patterson - pat.patterson at sun.com
> Federation Architect,
> Sun Microsystems, Inc.
> http://blogs.sun.com/superpat
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general

Johannes Ernst
NetMesh Inc.

 http://netmesh.info/jernst

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070907/d475133d/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openid-relying-party-authenticated.gif
Type: image/gif
Size: 903 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070907/d475133d/attachment-0004.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lid.gif
Type: image/gif
Size: 973 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070907/d475133d/attachment-0005.gif>