There's also Shibboleth, providing SAML. It has support for specifying access rules, too, not just authentication.
+1 for me. Any extra authentication mechanism means more unique features for XWiki.
http://shibboleth.internet2.edu/
http://en.wikipedia.org/wiki/SAML
http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security
http://jira.xwiki.org/jira/browse/XWIKI-402
P.S.: Welcome back, Artem.
Hi.
I would like to propose the project:
OpenID[1] support in XWiki.
OpenID is an open, decentralized, free framework for user-centric
digital identity. [1]
1) XWiki as openid consumer.
Possibility to login into xwiki with openid.
Value: major
2) XWiki as openid provider.
Some users of xwiki will have openid account like username.xwiki.host
or xwiki.host/openid/username
For example users in xwiki.com will have openid = username.xwiki.com
Value: minor
User story:
I have account and virtual wiki at username.xwiki.com.
I wish to login with openid into xwiki.org.
Standard authentication process with openid[3]:
I enter to openid login form at xwiki.org my openid=username.xwiki.com ,
click sumbit.
xwiki.org redirects me to openid authentication page in
username.xwiki.com.
I enter my password, click submit.
username.xwiki.com redirects me back to xwiki.org.
Done. I logined into xwiki.org with openid.
If I already logined to username.xwiki.com, xwiki.org will not redirects
me to username.xwiki.com, and I don't enter password.
I may use my openid=username.xwiki.com as normal openid. For example I
may write comments to livejournal.com with openid[2].
Advantages:
The User needs only one login for all xwikis and openid services.
User's openid will be point at homepage on xwiki (possibly).
Increase popularity of xwiki project:
There are not much openid providers for now. [4]
XWiki users will promote xwiki their openids (*.xwiki.com)
There are also bounty($5000) for openid-enabled opensource projects:
http://iwantmyopenid.org/bounty
There are other authorization protocols, similar to the technology openid:
http://lid.netmesh.org/
http://en.wikipedia.org/wiki/Inames (inames mostly paid)
http://yadis.org/
But it is not too common.
Technical details:
Possible openid implementations: http://code.google.com/p/openid4java/
or http://code.google.com/p/joid/
Consumer:
Then user logins with openid first time, xwiki create special user
like XWiki.openid_<user's openid> for a user settings storage.
Provider:
java servlet.
WDYT?
Is this project suitable for GSoC 2007?
Estimated workload: 1-2 man/month
References:
[1] http://openid.net/
[2] http://www.livejournal.com/openid/
[3] http://openid.net/about.bml
[4] http://openid.net/wiki/index.php/Public_OpenID_providers
--
Artem Melentyev, UralSU, CS401