[Auth]a couple of questions and suggestions

From: Ryan Muldoon
Subject: [Auth]a couple of questions and suggestions
Date: Thu, 12 Jul 2001 13:01:13 -0500

I apologize for cross-posting, but I felt that this was relevant to both

I am intrigued by the dot-GNU initiative, and I hope that it is a fruitful
endeavor.  That said, I am concerned that right now it is extremely
nebulous.  What are the goals?  "Beat Microsoft" isn't a good one.  As I am
sure that this list has Architects more experienced than me, it should be
clear that the only way to accomplish anything is if there are well-defined
project goals.

One goal is a replacement for the Passport services.  Is this the only goal?
Personally, I would suggest that this remain the only goal until it is
completed, as it is a fairly huge task in and of itself.

Passport's goals break down into several categories, all of which are rich
problem spaces:
1. Authentication services.
2. Authorization services.
3. Data storage.
4. APIs for taking advantage of the above.

These are hard problems to solve.  Rather than working completely from
scratch, I would suggest that besides just looking at what is published of (it is essentially a ticket-granting ticket model - Kerberos
over cookies, which is what most single sign-on systems use), look at what
else is out there, and perhaps collaborate with existing groups.

The University of Washington has a program called "PubCookie" that
implements a single sign-on system.  NCSU has another single sign-on system,
called "WASP."  More interestingly, however, is a new group under the
Internet2 MACE umbrella - "web-iso."  The stated goal is to make a standard
single sign-on system with an open source license.  The license would likely
either be BSD or GPL.
It should be noted that web-iso is meant to be for the intra-domain case.

Also under the Internet2 MACE umbrella is the Shibboleth project.  It is
meant to solve the inter-domain problems of web-iso, and also add in some
means for Authorization.

It would be worthwhile to see what goals you have in common with these
projects, and see how you can possibly work with them.

I hope this email was of use.  I am not subscribed to either mailing list,
so please CC me in any replies.  Thanks!

        --Ryan Muldoon

