FAS password on 3rd party pages?
Bruno Wolff III
bruno at wolff.to
Fri Apr 26 18:57:17 UTC 2013
On Fri, Apr 26, 2013 at 11:10:33 -0700,
Toshio Kuratomi <a.badger at gmail.com> wrote:
>On Thu, Apr 25, 2013 at 11:31 AM, Kevin Fenzi <kevin at scrye.com> wrote:
>
> Yeah, with emphasis on the once other things have moved over, I could
>probably agree with this. There are some bumpy spots though -- for
>instance, what happens when an app doesn't have openid support. We also
>need to be aware that this can be an invasive request. If an application
>needs to have authz (groups or permissions) then we may not be able to get
>away with simple openid authn in the application and may need to code our
>own thing to handle that. We also need to have a certain number of other
>deployments done to feel confident that openid-for-our-own-apps isn't going
>to hit any unexpected difficulties. Lack or certain information from fas,
>inability of openid to scale, insecurities, etc.
If we used SAML, the IdP can provide group membership information which could
be used by SPs for authz.
More information about the infrastructure
mailing list