| Christophe Gesché Aka Moosh 2006-02-20, 7:55 am |
| I forward a message of Hugues Peteers.
Moosh
----------------------
-Hugues Peteers. ----
We are going to use more and more intensively the
Pear::Auth::LDAP connection. But for the moment, our experience
with LDAP is quiet limited to our single LDAP server plus
feedbacks here and there from people using our Application
(Claroline) through the world. We can help to improve the
Pear::Auth package, but I don't think we are the most appropriate
team to lead its development.
However, we hope the maintenance pace of this package will
improve in the future. A year ago, we have faced problems
concerning user attributes from the LDAP container. We've
provided solutions and the problem is still not fixed into
the official package. It's very tedious for us to adapt the
container at each of our application release.
Aside, we've some suggestions to emit concerning the future of
Auth development. Our main suggestion is to uncouple more
seriously the authentication process from the username/password
submission via a form. This kind of authentication is only one
possible pattern for authentication. There is other possible
authentication patterns. For example Single Sign On is another
one. In this pattern, user doesn't have to reauthenticate
themselves because they have already done it in another
application.
Six month ago we had to implement CAS, a Free Single Sign On
system developed by the Yale University and well known in USA
among colleges and universities. And we had to implement it
outside Pear::Auth, meaning that we have to maintain two parallel
authentication systems now. In the near future we're going to
implement Shibboleth, another authentication system based on the
SAML (Security Assertion Markup Language). Again, this kind of
authentication does not work client side with a login/password
form.
It would be nicer if we could be able to implement all these
authentication processes simply as new Auth container.
Regards,
Hugues
--
Hugues PEETERS
Institut de Pédagogie universitaire et des Multimedias (IPM)
Universite catholique de Louvain (UCL)
54 Grand rue 1348 Louvain-la-Neuve
BELGIUM
phone : 32 (0) 10 47 85 48
e-mail : peeters@ipm.ucl.ac.be
--
---------------------------------
Moosh -- claroline.net -- php.net
=== Php & Pear @ Fosdem 2006 ===
http://moosh.et.son.brol.be/ (fr)
|