[unisog] LDAP access for 3rd parties
Christopher A Bongaarts
cab at tc.umn.edu
Wed Feb 13 18:24:37 GMT 2008
In the immortal words of Pete Hickey:
> > Every external vendor I have worked with takes the password supplied
> > by the "user",
>
> and BANG! They have a userid and password. If you're a place
> with a single userid/password for most applications, there could
> be a fair amount of value to it.
Indeed.
> A better scheme would be sending control to university machine, which
> accepts the credentials and then sends the 3rd party a yes/no... Similar
> to how it is done with some types of credit card verifications.
Even better is a system designed for handling inter-institutional
authentication, such as Shibboleth.
http://shibboleth.internet2.edu/
Then you needn't worry about your users' credentials floating around
on vendor sites, and you gain a mechanism for selectively releasing
directory attributes or other data about users in a controlled
manner. Plus, a vendor who supports Shib can more easily sell their
product to the hundreds of other universities who have already
deployed it.
%% Christopher A. Bongaarts %% cab at tc.umn.edu %%
%% Internet Services %% http://umn.edu/~cab %%
%% University of Minnesota %% +1 (612) 625-1809 %%
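The yes/no hand-off and selective attribute release discussed above, as an added example that is not part of the original post and is not Shibboleth code. It assumes hypothetical names (`idp_login`, `vendor_accept`, `RELEASE_POLICY`, `SP_KEYS`), constructed sample data, and an HMAC over JSON as a stand-in for the signed SAML assertions a real deployment uses.

```python
import base64, hashlib, hmac, json, time

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data, held only by the university identity provider (IdP).
SALT = b"constructed-salt"
DIRECTORY = {"jdoe": {"pw": _kdf("correct horse", SALT),
                      "attrs": {"affiliation": "student", "mail": "jdoe@example.edu"}}}
RELEASE_POLICY = {"vendor.example.com": ["affiliation"]}  # what each vendor may see
# Per-vendor HMAC key: a stand-in for the IdP's signing key pair (assumption).
SP_KEYS = {"vendor.example.com": b"constructed-vendor-key"}

def _sign(key, body):
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def idp_login(user, password, sp, now=None):
    """University side: the only place the password is ever presented."""
    now = time.time() if now is None else now
    entry = DIRECTORY.get(user)
    if sp not in SP_KEYS or entry is None:
        return None
    if not hmac.compare_digest(entry["pw"], _kdf(password, SALT)):
        return None
    # Release only the attributes the policy allows for this vendor.
    released = {k: entry["attrs"][k] for k in RELEASE_POLICY[sp]}
    claims = {"aud": sp, "exp": int(now) + 300, "attrs": released}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return body.decode() + "." + _sign(SP_KEYS[sp], body)

def vendor_accept(assertion, sp, key, now=None):
    """Vendor side: receives a signed yes plus released attributes, or nothing."""
    now = time.time() if now is None else now
    body, _, sig = (assertion or "").partition(".")
    if not hmac.compare_digest(sig.encode(), _sign(key, body.encode()).encode()):
        return None  # missing, forged or altered assertion
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["aud"] != sp or claims["exp"] < now:
        return None  # issued for another vendor, or expired
    return claims["attrs"]

if __name__ == "__main__":
    token = idp_login("jdoe", "correct horse", "vendor.example.com")
    print(vendor_accept(token, "vendor.example.com", SP_KEYS["vendor.example.com"]))
```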