Posted to user@syncope.apache.org by Francesco Chicchiriccò <il...@apache.org> on 2013/09/23 14:41:25 UTC

[DISCUSS] Authentication features (WAS: Release Maggiore and authentication modules)

Hi all,
sorry for crossposting: let's keep this discussion on dev@, so please 
remove user@ from any future reply.

Regards.

On 23/09/2013 14:22, Strunk, Wolfgang wrote:
>
> Hi all,
>
> Starting a discussion thread in the developer sounds good.
>
> We have to consider that there actually will be three things to consider:
>
> -Login to Syncope (this is where Shiro could come into play)
>
> -SSO to Syncope
>
> -Provide access management features via Syncope.
>
> I would not mix things up and propose to keep discussion about the 
> latter out of Syncope. Probably there will be customers combining 
> Syncope with SSO products (e.g. CAS http://www.jasig.org/cas or OpenAM 
> http://openam.forgerock.org/) , but building it in to Syncope bears 
> the risk to lose focus.
>
> Wolfgang
>
-- 
Francesco Chicchiriccò

ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member
http://people.apache.org/~ilgrosso/


RE: [DISCUSS] Authentication features (WAS: Release Maggiore and authentication modules)

Posted by Oliver Wulff <ow...@talend.com>.
Some thoughts to approach this. First we have to decide on the security abstraction layer in Syncope like:
1) Wicket (as implemented now)
2) Spring Security
3) Shiro

This decision is independent of what kind of security protocol is chosen like WS-Federation, SAML, CAS (proprietary protocol) or OpenAM (might still be proprietary, played with the fedlet feature two years ago).

The benefit of Spring Security is that there is a plugin for WS-Federation (Fediz) and CAS already available and that it allows to manage security on the container level as well for customers who prefer that.

>>>
Provide access management features via Syncope.
>>>
What is exactly meant with this feature?

>>>
You also should consider oAuth for SSO
>>>
OAuth does not address SSO - only authorization. You still have to log in to both applications.

Thanks
Oli

________________________________________
From: Fabio Martelli [fabio.martelli@gmail.com]
Sent: 23 September 2013 15:03
To: dev@syncope.apache.org
Subject: Re: [DISCUSS] Authentication features (WAS: Release Maggiore and authentication modules)

Il 23/09/2013 14:41, Francesco Chicchiriccò ha scritto:
> Hi all,
> sorry for crossposting: let's keep this discussion on dev@, so please
> remove user@ from any future reply.
Thanks Francesco.
>> Hi all,
>>
>> Starting a discussion thread in the developer sounds good.
>>
>> We have to consider that there actually will be three things to
>> consider:
>>
>> -Login to Syncope (this is where Shiro could come into play)
>>
>> -SSO to Syncope
>>
>> -Provide access management features via Syncope.
>>
>> I would not mix things up and propose to keep discussion about the
>> latter out of Syncope. Probably there will be customers combining
>> Syncope with SSO products (e.g. CAS http://www.jasig.org/cas or
>> OpenAM http://openam.forgerock.org/) , but building it in to Syncope
>> bears the risk to lose focus.
Umm ... probably you are right. Maybe we have to narrow the set of AM
features to be provided.
In any case, if we choose to provide more AM features with CAS or
something else I'd suggest to work a lot at the integration level:
1. making integration (between Syncope and SSO product) easier and
stronger providing pieces of code written ad-hoc
2. improving centralized configurability

From my PPOV, it would be nice if a potential customer could see Apache
Syncope as a complete Identity & Access Management solution.

Regards,
F.
