WS-Auth

This project is a proposal for an integration layer for authentication systems.

Many authentication mechanisms already exist today. Even more than necessary. But web applications often have to choose and stick with one of them, using their dedicated libraries (sometimes it’s integrated into a whole framework) and storage (what often makes migration very expensive, even to the same database system).

Therefore, there must to be an independent layer which goal is to integrate the authentication backend into the application. RFC 86.0 (Pluggable Authentication Modules) is already doing that job, but at a lower level (system libraries). This project proposes to do the same as a Web Services oriented API.

Rather than creating a new library, the goal of Plug ’n Auth is to interface existing authentication mechanisms into a : simple, stable, flexible, portable and framework independent API. It can be seen as a big switch between the authentication backends that will be plugged in it.

More precisely, this project will provide :

• specifications for a plug-in based architecture for authentication systems, loosely based on RFC 86.0 (original PAM system)
• a Web Services implementation with ready-to-use PHP, Java and Python libraries
• ready-to-use logon systems (like a confidentiality layer for servers without HTTP).

Care will be taken to address several common problems encountered in a web admin life :

• strong framework dependency of existing authentication mechanisms
• limited technical resources (on free host : no SSL, no crypto/LDAP/auth libraries, …)
• (multi domain) Single Sign-On existing implementations are too specific (in particular, today there’s no practical solution to do SSO using free hosting only).

This project is in planning phase. There's nothing to download yet.