[xwiki-dev] [Proposal] OpenID support in XWiki
Bradley Beddoes
beddoes at intient.com
Tue Mar 20 12:16:44 CET 2007
Hi,
I have a major piece of the SSO puzzle currently under development, due
for release in the next few weeks, which targets enterprises. It will be
available under the Apache 2.0 licence.
It will allow applications such as XWiki to implement the SAML 2.0 spec
cleanly using an easy-to-adapt Java library/filter combination between
the application (XWiki) and a central point called the "enterprise sign
on engine".
The ESOE is an extremely intelligent piece of software supporting many
types of internally facing enterprise SSO solutions including automatic
sign on for Windows machines connected to AD: log in to Windows,
automatically log on to the web tier.
Additionally it supports many external facing SSO solutions including
OpenID, Shibboleth 1.3x and Yahoo BB auth to name just the starting
line-up. Its extensible architecture means it can support anything new
into the future.
Essentially you make XWiki understand our single service provider and,
using the ESOE, automatically get any kind of SSO/Authentication system
available on the planet supported.
If you're interested, and I hope you are, I can post again when it's out
with the project URL.
jeremi joslin wrote:
> Hi Artem,
> I think it's a great idea. But I don't think it's very long to
> implement. I would prefer you to work on a more generic problematic of
> single sign on in xwiki.
>
> You can implement OpenId and another single sign-on that is more
> enterprise-oriented than OpenId.
>
> WDYT?
>
> Jeremi
>
> On 3/20/07, Artem Melentyev <melenartem at ya.ru> wrote:
>> Hi.
>>
>> I would like to propose the project:
>>
>> OpenID[1] support in XWiki.
>>
>> OpenID is an open, decentralized, free framework for user-centric
>> digital identity. [1]
>>
>> 1) XWiki as openid consumer.
>> Possibility to login into xwiki with openid.
>> Value: major
>>
>> 2) XWiki as openid provider.
>> Some users of xwiki will have openid account like username.xwiki.host
>> or xwiki.host/openid/username
>> For example users in xwiki.com will have openid = username.xwiki.com
>> Value: minor
>>
>> User story:
>> I have account and virtual wiki at username.xwiki.com.
>> I wish to login with openid into xwiki.org.
>> Standard authentication process with openid[3]:
>> I enter my openid=username.xwiki.com into the openid login form at
>> xwiki.org, click submit.
>> xwiki.org redirects me to openid authentication page in
>> username.xwiki.com.
>> I enter my password, click submit.
>> username.xwiki.com redirects me back to xwiki.org.
>> Done. I logged into xwiki.org with openid.
>> If I am already logged in to username.xwiki.com, xwiki.org will not
>> redirect me to username.xwiki.com, and I don't enter a password.
>> I may use my openid=username.xwiki.com as normal openid. For example I
>> may write comments to livejournal.com with openid[2].
>>
>> Advantages:
>> The User needs only one login for all xwikis and openid services.
>> User's openid will point at a homepage on xwiki (possibly).
>> Increase popularity of xwiki project:
>> There are not many openid providers for now. [4]
>> XWiki users will promote xwiki with their openids (*.xwiki.com)
>>
>> There is also a bounty ($5000) for openid-enabled opensource projects:
>> http://iwantmyopenid.org/bounty
>>
>> There are other authorization protocols, similar to the technology
>> openid:
>> http://lid.netmesh.org/
>> http://en.wikipedia.org/wiki/Inames (inames mostly paid)
>> http://yadis.org/
>> But they are not too common.
>>
>> Technical details:
>> Possible openid implementations: http://code.google.com/p/openid4java/
>> or http://code.google.com/p/joid/
>> Consumer:
>> When a user logs in with openid for the first time, xwiki creates a
>> special user like XWiki.openid_<user's openid> for user settings storage.
>> Provider:
>> java servlet.
>>
>> WDYT?
>>
>> Is this project suitable for GSoC 2007?
>> Estimated workload: 1-2 man/month
>>
>> References:
>> [1] http://openid.net/
>> [2] http://www.livejournal.com/openid/
>> [3] http://openid.net/about.bml
>> [4] http://openid.net/wiki/index.php/Public_OpenID_providers
>>
>> --
>> Artem Melentyev, UralSU, CS401
--
Bradley Beddoes
Lead Software Architect
http://intient.com
Intient - "Open Source, Open Standards"
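
The quoted proposal stores each OpenID user as XWiki.openid_<user's openid>. The sketch below is an added example, not code from this thread, XWiki, openid4java or joid: it canonicalises the claimed identifier and escapes every non-alphanumeric byte, so that characters such as "." and "/" cannot alter the document name and two different identifiers never share one local account. The class name, the simplified URL normalisation and the _XX escaping are assumptions; i-names are not handled.

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.Locale;

public class OpenIdLocalName {
    // Canonical form of a claimed identifier: a bare host gets "http://", scheme
    // and host are lowercased, an empty path becomes "/", the fragment is dropped.
    static String normalize(String claimedId) {
        String s = claimedId.trim();
        if (!s.contains("://")) {
            s = "http://" + s;
        }
        URI u = URI.create(s); // throws IllegalArgumentException on malformed input
        String scheme = u.getScheme() == null ? "" : u.getScheme().toLowerCase(Locale.ROOT);
        if (!(scheme.equals("http") || scheme.equals("https"))
                || u.getHost() == null || u.getRawUserInfo() != null) {
            throw new IllegalArgumentException("unsupported identifier: " + claimedId);
        }
        String path = u.getRawPath() == null || u.getRawPath().isEmpty() ? "/" : u.getRawPath();
        return scheme + "://" + u.getHost().toLowerCase(Locale.ROOT)
                + (u.getPort() == -1 ? "" : ":" + u.getPort())
                + path + (u.getRawQuery() == null ? "" : "?" + u.getRawQuery());
    }

    // Injective encoding: ASCII letters and digits pass through, every other byte
    // (including '_' itself) becomes _XX, so no two identifiers share a local name.
    static String localUserName(String claimedId) {
        StringBuilder sb = new StringBuilder("XWiki.openid_");
        for (byte b : normalize(claimedId).getBytes(StandardCharsets.UTF_8)) {
            int c = b & 0xFF;
            boolean alnum = (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z');
            sb.append(alnum ? String.valueOf((char) c) : String.format("_%02X", c));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample identifiers based on the examples in the proposal.
        String[] samples = {"username.xwiki.com", "HTTP://Username.XWiki.com/",
                "xwiki.host/openid/username", "xwiki.host/openid_username"};
        for (String s : samples) {
            System.out.println(s + " -> " + localUserName(s));
        }
    }
}
```

The first two samples resolve to the same local user because they are the same identifier after normalisation; the last two stay distinct, which a plain replace-with-underscore scheme would not guarantee.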