@ Ryan, if you say SAML is the best approach, then that's what we'll use. OpenID can be a backup for those that are not SAML-compatible for some reason.
@ Oren, we want to make it so that the vast majority of the work is done on our end if possible. Ideally, participating resource donors wouldn't have to do anything to their websites at all. That may not be realistic, but it's the direction I'd like to lean.

Jake Orlowitz
Wikipedia editor: Ocaasi
http://enwp.org/User:Ocaasi
wikiocaasi@yahoo.com
________________________________
From: Ryan Lane rlane32@gmail.com
To: Ocaasi Ocaasi wikiocaasi@yahoo.com; Wikimedia developers wikitech-l@lists.wikimedia.org
Cc: Derk-Jan Hartman d.j.hartman+wmf_ml@gmail.com
Sent: Wednesday, July 25, 2012 2:04 PM
Subject: Re: [Wikitech-l] Creating a centralized access point for propriety databases/resources

I'm trying to understand the differences between:
* phpMyAdmin
* SAML
* OpenID
* OpenVPN

You should only consider SAML and OpenID. More exactly, you should really only consider SAML, since the resources you are trying to connect to only support SAML, and not OpenID. We can use OpenID for proxied access to resources that don't support SAML, but it's very likely nearly all of the resources we're trying to access support SAML.
Ideally we'd integrate central auth with something that supports multiple protocols. SimpleSAMLPHP supports SAML, OpenID, OAuth and a few other protocols. It also can handle the circles of trust that we'd need to create with the libraries/universities.
- Ryan