[unisog] LDAP access for 3rd parties

Christopher A Bongaarts cab at tc.umn.edu
Wed Feb 13 18:24:37 GMT 2008


In the immortal words of Pete Hickey:

> > Every external vendor I have worked with takes the password supplied  
> > by the "user", 
> 
> and BANG!  They have a userid and password.  If you're a place
> with a single userid/password for most applications, there could
> be a fair amount of value to it.

Indeed.

> A better scheme would be sending control to university machine, which
> accepts the credentials and then sends the 3rd party a yes/no... Similar
> to how it is done with some types of credit card verifications.

Even better is a system designed for handling inter-institutional
authentication, such as Shibboleth.

  http://shibboleth.internet2.edu/

Then you needn't worry about your users' credentials floating around
on vendor sites, and you gain a mechanism for selectively releasing
directory attributes or other data about users in a controlled
manner.  Plus, a vendor who supports Shib can more easily sell their
product to the hundreds of other universities who have already
deployed it.

%%  Christopher A. Bongaarts  %%  cab at tc.umn.edu       %%
%%  Internet Services         %%  http://umn.edu/~cab  %%
%%  University of Minnesota   %%  +1 (612) 625-1809    %%

