Hoi, We have discussed the subject of single login many times. There are many scenario's that we can take to get to a solution. There is also the potential to do some "future proofing". At this moment in time all our security for users is pretty minimal; it relies on knowing a password or having a cookie on your system. For gaining read only access we do not require any authentication. There are several scenario's where (technically available) additional authentication possibilities will help us.

* When a range of IP numbers is blocked because of frequent vandalism, we want to allow access for authenticated editors. These can be schools or proxies. * When we host educational content, we want to ensure that it is only the student who accesses his material * When we host educational content, we want to give access to a subset of data to a teacher of a student * When we collaborate with another web services like Kennisnet, we allow users authenticated by such an organisation to use our resources as an authenticated editor

The point that I am trying to make is that future proofing makes sense. When we have the potential to do this and make use of proven open source technology, we should consider this as an option in stead of "rolling our own". A-Select http://a-select.surfnet.nl/ is a project run by "Surfnet", it is available under a BSD license. Scalability has been very much part of their existing projects. It is used as the engine for many big projects; DigiD http://www.digid.nl/ is a project to give people living in the Netherlands access to their personal information. Strong authentication like used by banks for on-line transactions are provided for. The Dutch library system, Dutch education .. they use it.

I will make sure that material about all this will become available on Meta. I start by posting here because there is a need for discussing the issues that come up when you introduce the potential for more authentication to our growing list of services.

Thanks, GerardM