[OpenID] Private Federation solution using OpenID

John Bradley ve7jtb at ve7jtb.com
Tue May 8 15:29:06 UTC 2012


There are specs available on the OIDF website.

I would not recommend doing it yourself.  There are a number of existing open source libraries to start from, or commercial products that can integrate with your AD or other internal directory.

Building it yourself without proper testing may not have a happy security outcome.

You also need to check with the SaaS provider to see what they support; some may still only support SAML.

John B.
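
What John's point about attribute release looks like on the wire, as an added example that is not code from this thread, from the OIDF, or from any of the libraries he mentions: it assumes OpenID Authentication 2.0 (the "auth specification" Matheus refers to), a constructed HMAC-SHA256 association key, and hypothetical OP and RP URLs, and it skips discovery and the association exchange. The OP signs a positive assertion that carries nothing but the user's identifier; the RP verifies the signature, return_to, association handle and nonce, and can confirm that no AX or SReg attribute fields were released.

```python
import base64
import hashlib
import hmac
import secrets
import time

# Constructed values for the example. In a real deployment the MAC key comes from an
# OpenID 2.0 association (Diffie-Hellman "associate" exchange) and the URLs are the
# OP's discovered endpoint and the RP's registered return_to.
ASSOC_HANDLE = "assoc-example-1"
MAC_KEY = b"\x01" * 32          # HMAC-SHA256 association key (test value only)
OP_ENDPOINT = "https://login.example-company.test/openid"
RP_RETURN_TO = "https://saas.example.test/openid/return"

# Fields the OpenID 2.0 spec requires in openid.signed (claimed_id and identity
# must also be signed whenever they are present).
REQUIRED_SIGNED = {"op_endpoint", "return_to", "response_nonce", "assoc_handle"}
# Namespaces of the attribute extensions an OP would use to release user data.
ATTRIBUTE_EXTENSION_NS = {"http://openid.net/srv/ax/1.0",
                          "http://openid.net/extensions/sreg/1.1"}


def kv_form(fields, signed):
    """Key-value form of the signed fields: 'key:value\\n' per field, in openid.signed
    order, with the 'openid.' prefix stripped from each key."""
    return "".join(f"{k}:{fields['openid.' + k]}\n" for k in signed.split(",")).encode("utf-8")


def sign(fields, signed):
    """Base64 HMAC-SHA256 over the key-value form, using the association MAC key."""
    mac = hmac.new(MAC_KEY, kv_form(fields, signed), hashlib.sha256).digest()
    return base64.b64encode(mac).decode("ascii")


def op_positive_assertion(local_id, return_to):
    """OP side: build a positive assertion (mode=id_res) carrying only the identifier."""
    nonce = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()) + secrets.token_urlsafe(8)
    fields = {
        "openid.ns": "http://specs.openid.net/auth/2.0",
        "openid.mode": "id_res",
        "openid.op_endpoint": OP_ENDPOINT,
        "openid.claimed_id": local_id,
        "openid.identity": local_id,
        "openid.return_to": return_to,
        "openid.response_nonce": nonce,
        "openid.assoc_handle": ASSOC_HANDLE,
    }
    signed = "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle"
    fields["openid.signed"] = signed
    fields["openid.sig"] = sign(fields, signed)
    return fields


def released_attributes(fields):
    """Return any attribute-extension (AX/SReg) fields present in the assertion."""
    aliases = {k.split(".", 2)[2] for k, v in fields.items()
               if k.startswith("openid.ns.") and v in ATTRIBUTE_EXTENSION_NS}
    return {k: v for k, v in fields.items()
            if any(k.startswith(f"openid.{a}.") for a in aliases)}


def rp_verify(fields, expected_return_to, seen_nonces):
    """RP side: check the assertion; return (True, claimed_id) or (False, reason)."""
    if fields.get("openid.mode") != "id_res":
        return False, "not a positive assertion"
    signed = fields.get("openid.signed", "")
    names = signed.split(",")
    if not REQUIRED_SIGNED <= set(names):
        return False, "required fields not signed"
    if any("openid." + n not in fields for n in names):
        return False, "signed field missing from message"
    for n in ("claimed_id", "identity"):
        if "openid." + n in fields and n not in names:
            return False, f"{n} present but not signed"
    if fields["openid.op_endpoint"] != OP_ENDPOINT:
        return False, "unexpected op_endpoint"
    if fields["openid.return_to"] != expected_return_to:
        return False, "return_to mismatch"
    if fields["openid.assoc_handle"] != ASSOC_HANDLE:
        return False, "unknown association"
    # Constant-time compare of the base64 signature text.
    if not hmac.compare_digest(sign(fields, signed), fields.get("openid.sig", "")):
        return False, "bad signature"
    nonce = fields["openid.response_nonce"]
    if nonce in seen_nonces:
        return False, "replayed nonce"
    seen_nonces.add(nonce)
    return True, fields.get("openid.claimed_id")


if __name__ == "__main__":
    assertion = op_positive_assertion("https://login.example-company.test/id/alice", RP_RETURN_TO)
    print("released attributes:", released_attributes(assertion))
    print("verify:", rp_verify(assertion, RP_RETURN_TO, set()))
```

The only thing the RP learns is the claimed identifier the OP chose to assert, and that identifier can itself be an opaque per-user URL rather than anything derived from the directory entry. The same verification routine rejects an assertion whose identity has been edited in transit, and the nonce set stops a captured assertion from being replayed.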

On 2012-05-08, at 11:08 AM, Matheus Eduardo Bonifacio Morais wrote:

> 
> Thanks for your reply John, the scenario is exactly what you described.
> We will be the OpenID provider and the SaaS will be the relying party.
> Do you know if there is some documentation already written on how to
> implement an OpenID provider from scratch? I mean, is just the auth
> specification enough?
> 
> Thanks.
> 
> On 08-05-2012 11:48, John Bradley wrote:
>> If the SaaS provider is the RP and your company is the OP there is nothing that requires you to release any attributes to the SaaS provider via OpenID.
>> 
>> I don't think there is anything to stop you from doing that.
>> 
>> John B.
>> 
>> On 2012-05-08, at 10:18 AM, Matheus Eduardo Bonifacio Morais wrote:
>> 
>>> Hi there,
>>> 
>>> I work for a company which is looking for a federation solution for
>>> SaaS applications used internally by the employees. For our use case
>>> it is mandatory that the user data be kept private and that the SaaS
>>> provider not have access to it. I was thinking of using OpenID
>>> because it is well written and, most importantly, it is an
>>> open standard. From what I understood by reading the protocol
>>> specification, this is not a goal of OpenID.
>>> 
>>> I would like to know if it is possible to implement that kind of solution
>>> and if I'm not hurting the main project goals as long as I will not
>>> allow everyone to sign in using an OpenID-compatible account.
>>> 
>>> Thanks.
>> 
> This message is for the designated recipient only and may contain
> privileged, proprietary, or otherwise private information. If you have
> received it in error, please notify the sender immediately and delete
> the original. Any other use of the email by you is prohibited.
> -- 
> Information classification: Internal use
> 
> Matheus Morais
> IT Infrastructure
> Confederação SICREDI – Porto Alegre
> 51 3358-4700 extension 7190
> 
> www.sicredi.com.br
