Comments on: Choices, choices, choices: CAS or OpenID? http://blog.thimian.com/2008/05/11/choices-choices-choices-cas-or-openid/ Suddenly Fiction Tue, 05 Jan 2010 08:57:45 +0000 http://wordpress.org/?v=2.9.1 hourly 1 By: Phill http://blog.thimian.com/2008/05/11/choices-choices-choices-cas-or-openid/comment-page-1/#comment-22 Phill Sun, 11 May 2008 21:52:00 +0000 http://blog.thimian.com/2008/05/11/choices-choices-choices-cas-or-openid/#comment-22 Brian, while this is interesting, it is not always a good idea to host something as sensitive as usernames and passwords externally, at least in an intranet. Not to mention that you might be punching a hole into a network that shouldn't talk to the outside world, ever.<br/><br/>However, it is an interesting option.<br/><br/>jwmittag: Why bother? If you use Single Sign On somewhere, you already have some kind of central user storage. Why make that more complicated than necessary, by adding a CAS authenticator to authenticate via OpenID? KISS principle, DRY principle, and probably YAGNI, too. ;)<br/><br/>One solution is less work load to maintain, easier to extend, and easier to administrate. Not to mention that it is easier to create fail-over solutions for just one authentication service.<br/><br/>If you are talking about a mixed-mode scenario, where you want to offer users the option to sign in once via OpenID, you'll have to do some hacking, but it is possible.<br/><br/>As I said in an earlier post: RubyCAS (and CAS in general), allows for custom authenticators, so the option is there. Brian, while this is interesting, it is not always a good idea to host something as sensitive as usernames and passwords externally, at least in an intranet. Not to mention that you might be punching a hole into a network that shouldn’t talk to the outside world, ever.

However, it is an interesting option.

jwmittag: Why bother? If you use Single Sign On somewhere, you already have some kind of central user storage. Why make that more complicated than necessary, by adding a CAS authenticator to authenticate via OpenID? KISS principle, DRY principle, and probably YAGNI, too. ;)

One solution is less work load to maintain, easier to extend, and easier to administrate. Not to mention that it is easier to create fail-over solutions for just one authentication service.

If you are talking about a mixed-mode scenario, where you want to offer users the option to sign in once via OpenID, you’ll have to do some hacking, but it is possible.

As I said in an earlier post: RubyCAS (and CAS in general), allows for custom authenticators, so the option is there.

]]> By: jwmittag http://blog.thimian.com/2008/05/11/choices-choices-choices-cas-or-openid/comment-page-1/#comment-21 jwmittag Sun, 11 May 2008 16:22:00 +0000 http://blog.thimian.com/2008/05/11/choices-choices-choices-cas-or-openid/#comment-21 Why does it have to be either/or? Is there anything that stops you from using CAS for the "Single" and OpenID for the "Sign-On" part? I.e. use OpenID to log in to the CAS server.<br/><br/>jwm Why does it have to be either/or? Is there anything that stops you from using CAS for the “Single” and OpenID for the “Sign-On” part? I.e. use OpenID to log in to the CAS server.

jwm

]]> By: Brian Kissel http://blog.thimian.com/2008/05/11/choices-choices-choices-cas-or-openid/comment-page-1/#comment-20 Brian Kissel Sun, 11 May 2008 15:35:00 +0000 http://blog.thimian.com/2008/05/11/choices-choices-choices-cas-or-openid/#comment-20 Another option for deploying OpenID for an intranet is JanRain's OpenID for Domains: https://www.myopenid.com/product_domains<br/><br/>This is a hosted solution that is pretty quick and easy to deploy: http://liz.vox.com/library/post/openid-on-your-own-domain.html Another option for deploying OpenID for an intranet is JanRain’s OpenID for Domains: https://www.myopenid.com/product_domains

This is a hosted solution that is pretty quick and easy to deploy: http://liz.vox.com/library/post/openid-on-your-own-domain.html

]]>