Are there any FOSS Python Single-Sign-on Servers?

Phillip B Oldham phillip.oldham at gmail.com
Wed Nov 12 03:15:53 EST 2008


On Nov 12, 1:12 am, Ben Finney <bignose+hates-s... at benfinney.id.au>
wrote:
> Phillip B Oldham <phillip.old... at gmail.com> writes:
> OpenID is a means of *authentication*, it doesn't mandate any
> particular system of registration or account creation. You presumably
> already have solutions for those; use them, but de-couple the
> authentication process from those systems by using OpenID.

Ah, I see!

> If you write the web application to accept OpenIDs only if they match
> a specific pattern, you achieve the same effect; and you then have the
> option to later choose to allow some other OpenIDs without needing to
> change the authentication protocol.

I think I have some misconceptions about OpenID then.

So, would it be possible to use the user's email address as their
OpenID username/token?

> OpenID is a solution for transporting authentication data, and
> managing the data in a central location under your control. It does
> well at that, because the protocol is mature (solving the transport
> problem) and there are many supported free-software implementations
> for providers and relying parties (allowing you to solve your specific
> centralisation needs).

It's all starting to "click" now. Thanks for being persistent! ;)

> You later revealed that you *also* want a solution for transporting
> authorisation data, and managing it in a central manner. This is a
> separate issue, but OAuth is a similar solution: it is a standard
> transport protocol, with many free-software implementations for both
> ends of the conversation.

OAuth was also something I came across, but discounted as possibly
being too "open".

> Your IT support team should be the ones setting up people's account
> information, and the systems should be automatically providing OpenIDs
> and OAuth profiles for any or all accounts as specified.
> [snip]
> Right, so you should be providing these OpenIDs and OAuth profiles as
> part of whatever other data collection and account set-up needs to be
> done.

Sounds just like what I'm looking for.

So... are there any good OpenID/OAuth servers written in Python?
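
The pattern restriction Ben Finney suggests above, sketched as an added example that is not part of the original thread: a relying party maps an already-verified OpenID identifier to a local account only when it sits under one trusted provider, and a raw string prefix test is shown beside it for contrast. The host `id.example.com`, the `/users/<name>` layout and both function names are assumptions for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed policy (hypothetical values, not from the thread): identifiers
# must look like https://id.example.com/users/<name>
ALLOWED_HOST = "id.example.com"
USER_PATH = re.compile(r"/users/([a-z0-9][a-z0-9._-]{0,63})/?")


def naive_match(claimed_id):
    """Weak form: a prefix test on the raw string."""
    return claimed_id.startswith("https://" + ALLOWED_HOST)


def local_user_from_openid(claimed_id):
    """Return the local username if the identifier matches policy, else None.

    Apply this only to an identifier that the OpenID library has already
    verified with the provider; the pattern check is authorisation to log
    in here, not proof of identity.
    """
    try:
        parts = urlsplit(claimed_id)
        port = parts.port          # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme != "https":
        return None
    if parts.username is not None or parts.password is not None:
        return None                # userinfo can disguise the real host
    if parts.hostname != ALLOWED_HOST or port not in (None, 443):
        return None                # exact host match, never a prefix or suffix
    if parts.query or parts.fragment:
        return None
    match = USER_PATH.fullmatch(parts.path)
    return match.group(1) if match else None


if __name__ == "__main__":
    # Constructed sample identifiers.
    for candidate in (
        "https://id.example.com/users/alice",
        "https://id.example.com.evil.test/users/alice",
        "https://id.example.com@evil.test/users/alice",
        "http://id.example.com/users/alice",
    ):
        print(candidate, naive_match(candidate), local_user_from_openid(candidate))
```

Widening the policy later means changing `ALLOWED_HOST` and `USER_PATH` only; the authentication protocol stays the same.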



More information about the Python-list mailing list