[OpenID] Use of OpenID as private authentication system for my company?
Pat Patterson
Andrew.Patterson at Sun.COM
Fri Sep 7 20:00:47 UTC 2007
Hi Johannes,
Johannes Ernst wrote:
> You know of course, Pat, that virtually all members of this list would
> disagree with you on your assessment of "poor choice". Flame bait! ;-)
>
> I'd think it would be an excellent choice. As Pat points out, not the
> only choice, but certainly a viable one.
Our opinions differ. It would be a dull world if everyone agreed on
everything :-)
> Traditionally this list hasn't been used to discuss particular product
> choices, however.
Indeed - I've taken such discussion offlist.
Cheers,
Pat
> On Sep 7, 2007, at 9:57, Pat Patterson wrote:
>
>> Hi Fox,
>>
>> I would say that OpenID is probably a poor choice for a deployment
>> like this. OpenID explicitly avoids the issue of trust - the ability
>> to ensure that only users that you trust have access to your systems
>> is something that you would have to figure out yourself, although I
>> understand that some or all of the OpenID solutions out there have
>> some measure of 'whitelist' support to control the OPs from which the
>> RPs would accept authenticated users.
>>
>> I would advise you to look at SAML 2.0 for this purpose. SAML 2.0 is
>> widely supported, both in open source and commercial products. It was
>> explicitly designed for the use case you describe. Since we are
>> wandering off-topic for the OpenID list, I'll respond to you
>> personally with links and more information.
>>
>> Cheers,
>>
>> Pat
>>
>> Francis wrote:
>>> Hello,
>>>
>>> My company has many partners/customers and we want to build a single
>>> logon system for them for some kind distributed web apps (under
>>> different domains).
>>>
>>> We don't want to re-invent the wheel and we want high quality
>>> implmentation (i.e. distributed, high performance, security).
>>>
>>> So I have found OpenID seems to be a good reference for my purpose.
>>>
>>> What is your comments about my purpose? Should I use other
>>> products/tools for my purpose instead of OpenId?
>>>
>>> Any comments are welcome.
>>>
>>> Thanks.
>>>
>>> Fox
>>>
>>>
>>>
>>>
>>> ------------------------------------------------------------------------
>>> 使用Y!Mail,給你重重驚喜,更有機會贏 *MacBook*! *立即參加*
>>> ------------------------------------------------------------------------
>>> _______________________________________________
>>> general mailing list
>>> general at openid.net
>>> http://openid.net/mailman/listinfo/general
>>>
>>
>> --
>> Pat Patterson - pat.patterson at sun.com
>> Federation Architect,
>> Sun Microsystems, Inc.
>> http://blogs.sun.com/superpat
>>
>> _______________________________________________
>> general mailing list
>> general at openid.net <mailto:general at openid.net>
>> http://openid.net/mailman/listinfo/general
>
>
>
> Johannes Ernst
> NetMesh Inc.
>
>
> http://netmesh.info/jernst
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
--
Pat Patterson - pat.patterson at sun.com
Federation Architect,
Sun Microsystems, Inc.
http://blogs.sun.com/superpat
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070907/2a409229/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 903 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070907/2a409229/attachment-0004.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 973 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070907/2a409229/attachment-0005.gif>
More information about the general
mailing list