[Admin-discuss] Web Forums - Authentication and Security

Richard Dalton dfens270 at gmail.com
Mon Apr 26 09:53:30 IST 2010


Very little would support SAML, and everything would support openid. I
think it's really down to what you're gonna be want to end up writing
yourself versus having other people maintain. openid still has far
more exposure meaning it's probably a better offer for the members as
a provider. And in general I think more people would know openid than
have heard of SAML.

On Mon, Apr 26, 2010 at 8:35 AM, Fergus Donohue <Fergus.Donohue at dcu.ie> wrote:
> Maybe I'm misunderstanding what you mean, but it's used for a lot of
> non-intranet applications. Examples include Google Apps (as deployed for
> DCU students), most educational federations (for example the Irish
> Edugate which is under development) and any other application which can
> be shibbolised (?).
>
> Thanks,
>
> Fergus.
>
> Craig Christopher Martin Gavagan Mac Entee wrote:
>> Correct me if I'm wrong but the last time I heard SAML isn't great
>> beyond the intranet level...
>>
>> Craig
>>
>> On Mon, Apr 26, 2010 at 07:00:53AM +0100, Fergus Donohue wrote:
>>
>>> Just out of curiosity - why OpenID and not SAML?
>>>
>>> Thanks,
>>>
>>> Fergus.
>>>
>>> elephant wrote:
>>>
>>>> On Sat, Apr 24, 2010 at 03:52:38PM +0100, kat farrell wrote:
>>>>
>>>>
>>>>> On 23 April 2010 22:17, Sean <revenant at redbrick.dcu.ie> wrote:
>>>>>
>>>>>
>>>>>
>>>>>> Hi
>>>>>>
>>>>>> As you may have heard, the committee are optioning installing a web based
>>>>>> forum for their users to use for discussing various topics, much like the
>>>>>> existing nntp based boards.
>>>>>>
>>>>>> The type of forum will most likely be vBulletin, though PHPBB and SMF
>>>>>> haven't been completely written off.
>>>>>>
>>>>>>
>>>>>>
>>>>> These are all ugly... Is someone willing to theme them? >.>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> The issue is how to manage user authentication.
>>>>>>
>>>>>> The board will probably be going behind pubcookie. While this makes it less
>>>>>> convenient for the users, there are benefits of privacy and additional
>>>>>> security.
>>>>>>
>>>>>> Two options were suggested for user management on the board itself.
>>>>>>
>>>>>> The first would be to install a quick plug in to allow authentication from
>>>>>> though LDAP. User accounts would be created automatically. This seems
>>>>>> relatively straightforward, though it's potential insecurity has been
>>>>>> pointed out.
>>>>>>
>>>>>> Another option suggested by a few people is to implement a Redbrick OpenID
>>>>>> provider and force the board to only accept redbrick openids. This sounds
>>>>>> kind of interesting to me.
>>>>>>
>>>>>>
>>>>>>
>>>>> ++ on this, moving away from hacking pubcookie would be great, not to
>>>>> mention having an OpenID service would be awesome.
>>>>>
>>>>>
>>>> Another +1. OpenID is great, extremely easy to authenticate with :D
>>>>
>>>>
>>>>
>>>>>
>>>>>
>>>>>> Thoughts, advice, opinions?
>>>>>>
>>>>>>
>>>>>>
>>>>> and the divide grows larger :)...
>>>>>
>>>>>
>>>>>
>>>>>> Seán
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Admin-discuss mailing list
>>>>>> Admin-discuss at lists.redbrick.dcu.ie
>>>>>> http://lists.redbrick.dcu.ie/mailman/listinfo/admin-discuss
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>> --
>>>>> Webmaster DCU Networking Society
>>>>> Webmaster DCU Film Society
>>>>>
>>>>>
>>>>
>>>>
>>>>> _______________________________________________
>>>>> Admin-discuss mailing list
>>>>> Admin-discuss at lists.redbrick.dcu.ie
>>>>> http://lists.redbrick.dcu.ie/mailman/listinfo/admin-discuss
>>>>>
>>>>>
>>>> _______________________________________________
>>>> Admin-discuss mailing list
>>>> Admin-discuss at lists.redbrick.dcu.ie
>>>> http://lists.redbrick.dcu.ie/mailman/listinfo/admin-discuss
>>>>
>>>>
>>> --
>>> Fergus Donohue,
>>> Infrastructure and Operations Manager,
>>> Information Systems & Services,
>>> Dublin City University (DCU)
>>> T: +353-(0)1-7005509 F: +353-(0)1-7005697
>>>
>>>
>>> _______________________________________________
>>> Admin-discuss mailing list
>>> Admin-discuss at lists.redbrick.dcu.ie
>>> http://lists.redbrick.dcu.ie/mailman/listinfo/admin-discuss
>>>
>>>
>>
>> _______________________________________________
>> Admin-discuss mailing list
>> Admin-discuss at lists.redbrick.dcu.ie
>> http://lists.redbrick.dcu.ie/mailman/listinfo/admin-discuss
>>
>
>
> --
> Fergus Donohue,
> Infrastructure and Operations Manager,
> Information Systems & Services,
> Dublin City University (DCU)
> T: +353-(0)1-7005509 F: +353-(0)1-7005697
>
>
> _______________________________________________
> Admin-discuss mailing list
> Admin-discuss at lists.redbrick.dcu.ie
> http://lists.redbrick.dcu.ie/mailman/listinfo/admin-discuss
>



More information about the Admin-discuss mailing list