Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses
 
PerlMonks  

Web Authorization

by Eyck (Priest)
on Dec 29, 2005 at 06:43 UTC ( #519720=perlquestion: print w/ replies, xml ) Need Help??
Eyck has asked for the wisdom of the Perl Monks concerning the following question:

Esteemed monks, I'm seeking a simple, multi-server, multi-app authorisation method. Those that I know of, are M$ Passport, Liberty Alliance's solution, and Stanford University WebAuth (http://webauthv3.stanford.edu/).

Do monks have any experience with those? Are there others worth mentioning? Why perlmonks isn't using them?

Comment on Web Authorization
Re: Web Authorization
by davido (Archbishop) on Dec 29, 2005 at 07:55 UTC

    Why perlmonks isn't using them?

    Because PerlMonks isn't guarding any significant secrets, besides the combination to the St Wall shrine's maintenance access panel.

    Seriously, we allow posts by Anonymous Monk, which doesn't even require any kind of registration. The site has a moderation policy that seems to work fine for dealing with the occasional grafitti, and we use simple login techniques that also seem to work fine for our lightweight needs.

    The account numbers for the saintly fortunes are all stored off-site. ;)


    Dave

Re: Web Authorization
by aquarium (Curate) on Dec 29, 2005 at 11:27 UTC
    the most used "industry strenght" cross-platform and cross-system authentication systems are: LDAP, Radius, Kerberos....in no particular order. there are perl modules also for the above.
    the hardest line to type correctly is: stty erase ^H
Re: Web Authorization
by jhourcle (Prior) on Dec 29, 2005 at 14:30 UTC

    I'd second Kerberos ... RADIUS and LDAP can handle authentication, but they're not really geared for the same sort of thing (where the authenication service doesn't necessarily trust the server that's doing the authentication).

    As for reasons why Perl Monks isn't using it, I couldn't say, but it was discussed a while back in Single Sign-On?

    As for my experience w/ remote authentication, it's mostly in LDAP, and I've done a little work w/ RADIUS, but I'm no expert in it. (they're simple, and if you control all of the servers that are doing the authentication, they're fine)

Re: Web Authorization
by perrin (Chancellor) on Dec 29, 2005 at 19:54 UTC
    There are dozens of others out there, and they have been listed here before. If you search for Passport I expect you will find the other questions about them.
Re: Web Authorization
by parv (Priest) on Dec 29, 2005 at 21:05 UTC
    Are you really looking for an authORIZation method and not for authENTICation one? Authorization checks if a person is allowed to perform a certain task; while authentication checks if a person really is what they claim to be.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://519720]
Approved by perl_lover
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others scrutinizing the Monastery: (5)
As of 2014-07-29 05:56 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My favorite superfluous repetitious redundant duplicative phrase is:









    Results (211 votes), past polls