[Foundation-l] Single login

Gerard Meijssen gerard.meijssen at gmail.com
Mon Nov 28 13:05:43 UTC 2005 

Hoi,
We have discussed the subject of single login many times. There are many 
scenario's that we can take to get to a solution. There is also the 
potential to do some "future proofing". At this moment in time all our 
security for users is pretty minimal; it relies on knowing a password or 
having a cookie on your system. For gaining read only access we do not 
require any authentication. There are several scenario's where 
(technically available) additional authentication possibilities will 
help us.

* When a range of IP numbers is blocked because of frequent vandalism, 
we want to allow access for authenticated editors. These can be schools 
or proxies.
* When we host educational content, we want to ensure that it is only 
the student who accesses his material
* When we host educational content, we want to give access to a subset 
of data to a teacher of a student
* When we collaborate with another web services like Kennisnet, we allow 
users authenticated by such an organisation to use our resources as an 
authenticated editor

The point that I am trying to make is that future proofing makes sense. 
When we have the potential to do this and make use of proven open source 
technology, we should consider this as an option in stead of "rolling 
our own". A-Select http://a-select.surfnet.nl/ is a project run by 
"Surfnet", it is available under a BSD license. Scalability has been 
very much part of their existing projects. It is used as the engine for 
many big projects; DigiD http://www.digid.nl/ is a project to give 
people living in the Netherlands access to their personal information. 
Strong authentication like used by banks for on-line transactions are 
provided for. The Dutch library system, Dutch education .. they use it.

I will make sure that material about all this will become available on 
Meta. I start by posting here because there is a need for discussing the 
issues that come up when you introduce the potential for more 
authentication to our growing list of services.

Thanks,
     GerardM

More information about the foundation-l mailing list