[xwiki-dev] [Proposal] OpenID support in XWiki

Vincent Massol vincent at massol.net
Tue Mar 20 12:27:13 CET 2007 

Hi Bradley,

On Mar 20, 2007, at 12:16 PM, Bradley Beddoes wrote:

> Hi,
> I have a major piece of the SSO puzzle under development currently,  
> due for release in the next few weeks which targets enterprises, it  
> will be available under the apache 2.0 licence.
>
> It will allow applications such as xwiki to implement the SAML 2.0  
> spec cleanly using an easy to adapt java library/filter combination  
> between the application (xwiki) and a central point called the  
> "enterprise sign on engine".
>
> The ESOE is an extremely intelligent piece of software supporting  
> many types of internally facing enterprise SSO solutions including  
> automatic sign on for windows machines connected to AD, login to  
> windows, automatically logon to the web tier.
>
> Additionally it supports many external facing SSO solutions  
> including OpenID, Shibboleth 1.3x and Yahoo BB auth to name just  
> the starting line up, its extensible architecture means it can  
> support anything new into the future.
>
> Essentially you make xwiki understand our single service provider  
> and using the ESOE automatically get any kind of SSO/Authentication  
> system available on the planet supported.
>
> If your interested and I hope you are I can post again when its out  
> with the project URL.

That sounds very cool. Could you post some links?

Thanks
-Vincent

> jeremi joslin wrote:
>> Hi Artem,
>> I think it's a great idea. But I don't think it's very long to
>> implement. I would prefer you to work on a more generic  
>> problematic of
>> single sign on in xwiki.
>> You can implement OpenId and another single sign on a more enterprise
>> oriented than OpenId.
>> WDYT?
>> Jeremi
>> On 3/20/07, Artem Melentyev <melenartem at ya.ru> wrote:
>>> Hi.
>>>
>>> I would like to propose the project:
>>>
>>> OpenID[1] support in XWiki.
>>>
>>> OpenID is an open, decentralized, free framework for user-centric
>>> digital identity. [1]
>>>
>>> 1) XWiki as openid consumer.
>>>   Possibility to login into xwiki with openid.
>>> Value: major
>>>
>>> 2) XWiki as openid provider.
>>>   Some users of xwiki will have openid account like  
>>> username.xwiki.host
>>> or xwiki.host/openid/username
>>>   For example users in xwiki.com will have openid =  
>>> username.xwiki.com
>>> Value: minor
>>>
>>> User story:
>>> I have account and virtual wiki at username.xwiki.com.
>>> I wish to login with openid into xwiki.org.
>>> Standard authentication process with openid[3]:
>>>   I enter to openid login form at xwiki.org my  
>>> openid=username.xwiki.com,
>>>    click sumbit.
>>>   xwiki.org redirects me to openid authentication page in
>>>    username.xwiki.com.
>>>   I enter my password, click submit.
>>>   username.xwiki.com redirects me back to xwiki.org.
>>>   Done. I logined into xwiki.org with openid.
>>> If I already logined to username.xwiki.com, xwiki.org will not  
>>> redirects
>>> me to username.xwiki.com, and I don't enter password.
>>> I may use my openid=username.xwiki.com as normal openid. For  
>>> example I
>>> may write comments to livejournal.com with openid[2].
>>>
>>> Advantages:
>>>   The User needs only one login for all xwikis and openid services.
>>>   User's openid will be point at homepage on xwiki (possibly).
>>>   Increase popularity of xwiki project:
>>>    There are not much openid providers for now. [4]
>>>    XWiki users will promote xwiki their openids (*.xwiki.com)
>>>
>>> There are also bounty($5000) for openid-enabled opensource projects:
>>> http://iwantmyopenid.org/bounty
>>>
>>> There are other authorization protocols, similar to the  
>>> technology openid:
>>> http://lid.netmesh.org/
>>> http://en.wikipedia.org/wiki/Inames (inames mostly paid)
>>> http://yadis.org/
>>> But it is not too common.
>>>
>>> Technical details:
>>>   Possible openid implementations: http://code.google.com/p/ 
>>> openid4java/
>>>    or http://code.google.com/p/joid/
>>>   Consumer:
>>>    Then user logins with openid first time, xwiki create special  
>>> user
>>>    like XWiki.openid_<user's openid> for a user settings storage.
>>>   Provider:
>>>    java servlet.
>>>
>>> WDYT?
>>>
>>> Is this project suitable for GSoC 2007?
>>> Estimated workload: 1-2 man/month
>>>
>>> References:
>>> [1] http://openid.net/
>>> [2] http://www.livejournal.com/openid/
>>> [3] http://openid.net/about.bml
>>> [4] http://openid.net/wiki/index.php/Public_OpenID_providers
>>>
>>> -- 
>>>    Artem Melentyev, UralSU, CS401
>>>
>>>
>>>
>>>
>>> -- 
>>> You receive this message as a subscriber of the xwiki- 
>>> dev at objectweb.org mailing list.
>>> To unsubscribe: mailto:xwiki-dev-unsubscribe at objectweb.org
>>> For general help: mailto:sympa at objectweb.org?subject=help
>>> ObjectWeb mailing lists service home page: http:// 
>>> www.objectweb.org/wws
>>>
>>>
>> --------------------------------------------------------------------- 
>> ---
>> --
>> You receive this message as a subscriber of the xwiki- 
>> dev at objectweb.org mailing list.
>> To unsubscribe: mailto:xwiki-dev-unsubscribe at objectweb.org
>> For general help: mailto:sympa at objectweb.org?subject=help
>> ObjectWeb mailing lists service home page: http:// 
>> www.objectweb.org/wws
>
>
> -- 
> Bradley Beddoes
> Lead Software Architect
>
> http://intient.com
> Intient - "Open Source, Open Standards"
>
>
> --
> You receive this message as a subscriber of the xwiki- 
> dev at objectweb.org mailing list.
> To unsubscribe: mailto:xwiki-dev-unsubscribe at objectweb.org
> For general help: mailto:sympa at objectweb.org?subject=help
> ObjectWeb mailing lists service home page: http://www.objectweb.org/ 
> wws

More information about the devs mailing list