Hi Nick,
sorry for my late answer, I was busy with the ApacheCon presentation.
The current Fediz codebase doesn't support OID/OAuth. Of course, it
could be interested to support it, by implementing it or by leveraging
existing implementations.
Some pointer about OID/OAuth:
- OID/OAuth doesn't support claims based authorization.
- OID/OAuth doesn't address end-to-end security where identities can be
propagated from a SSO enabled web application to the web services.
WS-Federation is supported by Identity Providers like OpenAM, IBM
Tivoli, Microsoft ADFS, Oracle but there is no support for it in Tomcat,
Karaf, or JBoss for instance.
I hope it answers to your question.
Regards
JB
On 11/03/2011 12:25 PM, Nick Kew wrote:
On 1 Nov 2011, at 09:22, Jean-Baptiste Onofré wrote:
Hi,
I would like to propose Fediz to be an Apache Incubator project.
As others have pointed out, this looks like some familiar technologies.
We know that OpenID is widely supported, by web client, server and
application software, and some of the biggest providers. OpenAuth
perhaps less so, but they're spoken of as a pair.
How about a proper exposition of:
- Does Fediz include an implementaion of OID/OAuth?
- If yes, does it do other things too, and what's the motivation?
How would you react to accusations of "embrace and extend"?
- If no, why should we want another, competing framework/standard?
- If no, where is it in fact supported in the real world?
I think we should see these issues properly addressed in the proposal!
--
Jean-Baptiste Onofré
jbono...@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org
For additional commands, e-mail: general-h...@incubator.apache.org
