Single Sign On: Difference between revisions
Jump to navigation
Jump to search
mNo edit summary |
(→FAQ) |
||
| Line 17: | Line 17: | ||
Reasoning: The SSO webapp will have a user page where you can see what apps you've integrated sign-on for. Client webapps still need to define and build out their profile pages. Some user metadata can be gleaned from the SSO server, but updating, storing extra metadata, etc is TBD and probably belongs in a different web service. | Reasoning: The SSO webapp will have a user page where you can see what apps you've integrated sign-on for. Client webapps still need to define and build out their profile pages. Some user metadata can be gleaned from the SSO server, but updating, storing extra metadata, etc is TBD and probably belongs in a different web service. | ||
* '''Q: Will SSO handle authorization''' | * '''Q: Will SSO handle authorization?''' | ||
* A: No, SSO is for authentication, each client application will implement Authorization | * A: No, SSO is for authentication, each client application will implement Authorization | ||
* '''Q: Why not just use OpenID?''' | |||
* A: OpenID alone prevents us from implementing such features as global logout and other future features that require a central authentication entity. However, we might at some point allow you to log into *SSO* using your OpenID. | |||
== Related == | == Related == | ||
* [[MozillaID]] | * [[MozillaID]] | ||
Revision as of 22:51, 10 November 2010
Mozilla has over 100 web properties. A reoccurring idea in the Mozilla community is to implement Single Sign-On (SSO).
This has been discussed many times off and on over the last few years. The Webdev team is leading a Web based SSO solution, which will be rolled out onto MDN.
Please use the Discussion tab to work through contentious points.
Technical Details
- The Secret Squirrel Project is a CAS 2.0 based SSO server
- New User Credentials (not bootstrapped from AMO, Firefox Sync, or any other source)
- MDN is the first target app
- Good choice as it currently has three codebases Dekiwiki, phpbb, and Django
FAQ
- Q: Will SSO be a profile server?
- A: No, not in v1.0, probably never
Reasoning: The SSO webapp will have a user page where you can see what apps you've integrated sign-on for. Client webapps still need to define and build out their profile pages. Some user metadata can be gleaned from the SSO server, but updating, storing extra metadata, etc is TBD and probably belongs in a different web service.
- Q: Will SSO handle authorization?
- A: No, SSO is for authentication, each client application will implement Authorization
- Q: Why not just use OpenID?
- A: OpenID alone prevents us from implementing such features as global logout and other future features that require a central authentication entity. However, we might at some point allow you to log into *SSO* using your OpenID.