[Systers-dev] Considering LDAP and OpenID

Jennifer Redman jenred at gmail.com
Wed May 27 17:33:33 PDT 2009


Hi Sarah,

On Wed, May 27, 2009 at 5:13 PM, Sarah Mei <sarahmei at gmail.com> wrote:

> Sorry if I'm coming into this conversation late.


We are actually just getting started.


>
>
> Is the goal to allow single sign-on to several Systers-related sites,
> for Systers members, without making them register for each site?
>

Yes, but using Mailman member information (uid and password) as the starting
point.



>
> And/or, do you want to allow Systers to use the Systers OpenID
> provider for other services that take OpenID? I'm thinking of
> non-Systers-affiliated sites like Stack Overflow.


This is a question we are working on answering.  What do you think?




> I've never seen a site that accepted OpenLDAP credentials, so I can't
> comment on that, but OpenID is decently standard. WordPress,
> MediaWiki, etc., all have plugins that convert the user registration
> system to OpenID. You might need to hack the plugins a little to
> restrict the list of providers to just Systers.


OpenLDAP would be used primarily for authenticating against specific
applications for Systers running on Systers' infrastructure.  For example,
we set up MediaWiki for Systers to use and then use OpenLDAP as our
authentication tool.  (Could also be any of the major CMSs.)

One of the questions is would Systers be interested in having a "Systers"
OpenID that they could use to authenticate against other non-Systers sites,
and if so what are the implications of running an OpenID Identity Provider
(security and system overhead).

Do you know if there is a way to restrict people accessing Systers
infrastructure with their non-Systers OpenID?  Maybe configuring the
application or framework to accept only Systers as the OpenID Identity
Provider?

Thanks,
Jen
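
Added example, not part of the original message: one way a relying party could accept only a single OpenID provider, as asked above, by comparing the provider endpoint (`openid.op_endpoint` in OpenID 2.0) against an exact-match allowlist. The endpoint URL, host names and function names are assumptions for illustration; discovery and signature verification are assumed to be done by the OpenID library in use.

```python
from urllib.parse import urlsplit

# Hypothetical endpoint of a Systers-run OpenID provider (placeholder URL).
ALLOWED_OP_ENDPOINTS = {"https://openid.systers.example/server"}


def normalize_endpoint(url):
    """Canonical form of an OP endpoint URL, or None if it is unacceptable."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme != "https" or port not in (None, 443):
        return None
    # Userinfo ("allowed-host@other-host") makes URLs easy to misread: reject.
    if parts.username is not None or parts.password is not None:
        return None
    if not parts.hostname or parts.query or parts.fragment:
        return None
    host = parts.hostname.lower().rstrip(".")
    return f"https://{host}{parts.path or '/'}"


def is_allowed_provider(op_endpoint, allowed=ALLOWED_OP_ENDPOINTS):
    """Exact match on the canonical URL; never prefix or substring matching."""
    canonical = normalize_endpoint(op_endpoint)
    return canonical is not None and canonical in {
        normalize_endpoint(a) for a in allowed
    }


def accept_assertion(params, discovered_endpoint):
    """params: openid.* fields whose signature was already verified."""
    if params.get("openid.mode") != "id_res":
        return False
    asserted = normalize_endpoint(params.get("openid.op_endpoint", ""))
    if asserted is None or asserted != normalize_endpoint(discovered_endpoint):
        return False
    return is_allowed_provider(asserted)
```

The same check belongs in two places: before redirecting the user to the endpoint found by discovery, and again on the assertion that comes back.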

