RE: [Auth]Project discussion

[Nick Lothian]

> 
> How about the .gnu auth server also being used as a proxy?
> 
> That way you could have the user hitting the page.
> 
> http://www.uselesstools.com/ 
> 
> Going to the section that needs .gnu auth
> 
> http://www.uselesstools.com/tools/ 
> 
> Which gives them a page with links to various .gnu servers 
> that  authorised for that page.
>  
> The links in the form of (just as an example)
> 
> https://dotgnu.ibm.com/proxy/https/www.uselesstools.com/tools/ 
> 
> https://dotgnu.gnu.org/proxy/https/www.uselesstools.com/tools/ 
> 
> etc etc. each server being one trusted by the site owner.
> 
> From that each .gnu auth server goes to a user/password page. And then
> if the user authenticates acts as a https proxy between the 
> site and the user.
> 
> It's ugly. But it will work with _any_ browser that can 
> handle forms. uses
> existing technology and doesn't involve any plugins.
> 
> And as far as actual authentication goes it's all up to each 
> individual .gnu auth server. 
> 
> daniel
> 

Not too bad. Why use the proxy system at all, though - why not just have a
set of links to trusted authentication sites. When the user clicks on one,
it goes to that site, they enter username/password, and then are redirected
back to the appropriate page.

It does remove a lot of the flexibility though - the site can't put the
login form on their own site.

I guess another possibility would be to have a login on the site, and a
dropdown menu of trusted authentication sites (obviously all would need to
support the same interface), and then the user is authenticated against
whatever service they choose.

The biggest problem with this is that it makes it difficult for new
authentication services to be added - it requires code changes on every
login page that wants to use them.