[Ur] The right way to do federated login in 2015?
Adam Chlipala
adamc at csail.mit.edu
Thu Oct 22 11:02:23 EDT 2015
On 10/21/2015 05:12 AM, Eran Meir wrote:
> From what I read, the two main alternatives for identity management
> are OIDC <https://en.wikipedia.org/wiki/OpenID_Connect>(OpenID
> Connect) and SAML
> <https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language>.
> [...]
>
> If I had to risk a guess I would say OIDC will gradually replace SAML
> (or a new system will replace both?), so I suggest supporting OIDC.
>
> OIDC is basically OAuth2.0 + JWT
> <https://en.wikipedia.org/wiki/JSON_Web_Token>. A gradual
> implementation approach may be supporting those building blocks as
> Ur/Web libraries first.
OK, this seems like the most positive recommendation so far, in terms of
a concrete "standard" that is in use by key players today.
Is anyone interested in taking the lead in developing a library?
I'm motivated enough about at least the OAuth part, as I want to use it
for a web app, aimed at developers, to do login with GitHub
credentials. So, I expect that bit would get done by early 2016, even
if no one else volunteers. JWT/OIDC would be a lower priority, but
sounds appropriate for apps targeting broader audiences.
However, I would be very glad to see someone else taking the lead on an
open-source Ur/Web library that handles all the credible enough
authentication protocols. The existing OpenID library could be a good
inspiration:
http://hg.impredicative.com/openid
[Presumably that original OpenID protocol is no longer worth supporting.]
Any takers?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.impredicative.com/pipermail/ur/attachments/20151022/2f5508d7/attachment.html>
More information about the Ur
mailing list