There's also Shibboleth, providing SAML. It has support for specifying access rules, too, not just authentication.

+1 for me. Any extra authentication mechanism means more unique features for XWiki.

http://shibboleth.internet2.edu/
http://en.wikipedia.org/wiki/SAML
http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security
http://jira.xwiki.org/jira/browse/XWIKI-402

P.S.: Welcome back, Artem.

On 3/20/07, Artem Melentyev <melenartem@ya.ru> wrote:
Hi.

I would like to propose the project:

OpenID[1] support in XWiki.

OpenID is an open, decentralized, free framework for user-centric
digital identity. [1]

1) XWiki as openid consumer.
  Possibility to login into xwiki with openid.
Value: major

2) XWiki as openid provider.
  Some users of xwiki will have openid account like username.xwiki.host
or xwiki.host/openid/username
  For example users in xwiki.com will have openid = username.xwiki.com
Value: minor

User story:
I have account and virtual wiki at username.xwiki.com.
I wish to login with openid into xwiki.org.
Standard authentication process with openid[3]:
  I enter to openid login form at xwiki.org my openid=username.xwiki.com ,
   click sumbit.
  xwiki.org redirects me to openid authentication page in
   username.xwiki.com.
  I enter my password, click submit.
  username.xwiki.com redirects me back to xwiki.org.
  Done. I logined into xwiki.org with openid.
If I already logined to username.xwiki.com, xwiki.org will not redirects
me to username.xwiki.com, and I don't enter password.
I may use my openid=username.xwiki.com as normal openid. For example I
may write comments to livejournal.com with openid[2].

Advantages:
  The User needs only one login for all xwikis and openid services.
  User's openid will be point at homepage on xwiki (possibly).
  Increase popularity of xwiki project:
   There are not much openid providers for now. [4]
   XWiki users will promote xwiki their openids (*.xwiki.com)

There are also bounty($5000) for openid-enabled opensource projects:
http://iwantmyopenid.org/bounty

There are other authorization protocols, similar to the technology openid:
http://lid.netmesh.org/
http://en.wikipedia.org/wiki/Inames (inames mostly paid)
http://yadis.org/
But it is not too common.

Technical details:
  Possible openid implementations: http://code.google.com/p/openid4java/
   or http://code.google.com/p/joid/
  Consumer:
   Then user logins with openid first time, xwiki create special user
   like XWiki.openid_<user's openid> for a user settings storage.
  Provider:
   java servlet.

WDYT?

Is this project suitable for GSoC 2007?
Estimated workload: 1-2 man/month

References:
[1] http://openid.net/
[2] http://www.livejournal.com/openid/
[3] http://openid.net/about.bml
[4] http://openid.net/wiki/index.php/Public_OpenID_providers

--
   Artem Melentyev, UralSU, CS401


--
http://purl.org/net/sergiu