[Baypiggies] Authkit, OpenID, Click Pass, and local accounts... aka AuthMess
Jeff Younker
jeff at drinktomi.com
Wed Mar 18 00:00:53 CET 2009

I'm in the process of putting together an authentication system for an application based on the most recent stable version of CherryPy. My feeling is that AuthKit is the way to go for authentication and authorization, but I'm not sure how integrating it with CherryPy will go. (If you have any suggestions or alternatives then I'd love to hear about them.)

That said, the real questions I have relate to authentication options. For most of the public-facing users we'd like to use OpenID. Each OpenID instance will be linked to a local account. When a user connects for the first time we'll need to do some sort of automagic account creation. (Any suggestions or caveats about this aspect are appreciated.)

I'm intensely wary of using OpenID for the only authentication mechanism, because external authentication systems have a way of failing when administrators most need them. Because of this, admin accounts will also be able to log in through normal password mechanisms.

In addition, it seems that OpenID is a little unfriendly. Opaque URLs are scary, so the login screens will use something along the lines of "use your google/msn/yahoo account to connect to our system," to which the user selects one. Now it seems to me that this part of the system could be rather painful to implement.

To that end I've started looking at Click Pass. I don't have a good feeling for how it would integrate with AuthKit, or the wisdom of going through their service for authorization. Given OpenID's nature it seems like this shouldn't really be a problem, but I just don't have an intuition on this one. I'd also love to hear any stories about using their service rather than rolling your own.

- Jeff Younker - jeff at drinktomi.com -