Re: [MLUG] OpenID

Email address obfuscation in effect -- please click here to turn it off.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: MLUG Members <EMAIL:PROTECTED>
Subject: Re: [MLUG] OpenID
From: ryan woodsmall <EMAIL:PROTECTED>
Date: Tue, 11 Dec 2007 13:47:45 -0600
Delivery-date: Tue, 11 Dec 2007 13:48:07 -0600
Envelope-to: EMAIL:PROTECTED
In-reply-to: <EMAIL:PROTECTED>
References: <EMAIL:PROTECTED> <EMAIL:PROTECTED> <EMAIL:PROTECTED>
Reply-to: MLUG Members <EMAIL:PROTECTED>
Sender: EMAIL:PROTECTED

"There is no silver bullet."

Our current Shibboleth environment is well-tested and works relatively well. We're currently on the stable v1.3 install and I'm planning on moving to Shib 2 as soon as it's released and is feasible for us. I'll probably integrate ADFS bits at that point as well to make life easier for Windows/IIS folks. I don't know that we'll run a full ADFS infrastructure, but integrating ADFS clients with Shibboleth is cake if you're doing simple authentications and limited authorization.

Some things we just can't do with Shibboleth. Transient services - where IPs, locations, etc. are in somewhat constant flux - simply don't work with Shibboleth. LDAP to AD is viable and works just fine in most of those cases, and gives close enough approximation of single sign-on.

None of this is official word from the Dept. of IT or anything - but if you have something working and secured that's passed our tests, you should be good. We're pushing for Shibboleth where possible simply because of its centralized deployment. It's easier to turn off or on a problem web app/server when I can just disable your metadata. But if you're happy with LDAP, that's no problem from my end.

  ryan woodsmall
    EMAIL:PROTECTED


"Be well, do good work, and keep in touch." - Garrison Keillor


On Dec 11, 2007, at 12:05 PM, Davis, Jared Scott wrote:

Sorry to resurrect an old thread... How will this affect us as departmental developers? Are we moving toward implementing Shibboleth, ADFS, what-have-you as a replacement for LDAP authentication?
Thanks,
jared davis.
Internet Administrator
Residential Life
University of Missouri-Columbia
100 Pershing Hall
(573) 884-3616


_______________________________________________
members mailing list
EMAIL:PROTECTED
http://mlug.missouri.edu/mailman/listinfo/members

References:
- [MLUG] OpenID
  - From: Mike Miller <EMAIL:PROTECTED>
- Re: [MLUG] OpenID
  - From: ryan woodsmall <EMAIL:PROTECTED>
- RE: [MLUG] OpenID
  - From: "Davis, Jared Scott" <EMAIL:PROTECTED>

Prev by Date: Re: [MLUG] [Fwd: New Seagate Drives Have Real Difficulties With Linux]
Next by Date: Re: [MLUG] Anyone planning on getting a OLPC laptop?
Previous by thread: RE: [MLUG] OpenID
Next by thread: [MLUG] MPAA University toolkit
Index(es):
- Date
- Thread