...

The main aim of the project is to make the authentication and authorization processes on the Roller blog server more efficient by managing logon to several services and users' identities in one place, via an authentication server that uses OpenID technology. Using this technology, we'll achieve cross-application and cross-domain single sign-on (SSO). As a result, users will be more satisfied: they won't have to remember logins and passwords for every website and can just use a single OpenID identifier. The number of people using Roller blog will also increase.

Once the objectives set out above are fulfilled, the community will benefit in the following aspects:

  1. Support single logon for user accounts and for users who leave blog comments;
  2. Existing users will be able to tie their accounts to the OpenID identity for further use;
  3. New users will have to provide only OpenID identity for further identification;
  4. If the user is not logged-in and wants to leave a comment, the system will redirect him to the login page;
  5. Integration of the new authorization system into the existing one, which is built on the Spring Acegi framework;
  6. Support for multiple profiles (for example, provide different names and info at different services);
  7. The Roller system will be automatically notified when users change their info on other sites, so it will always have up-to-date information.

...

Should the user have a choice of which opened_url to use during authentication?
If the user can have multiple opened_urls, the page where the user edits their profile details will need additional functionality (adding or removing a given opened_url from the list), and an adjusted database structure should be implemented.

Another issue is the registration of a new user: the user will be asked whether he wants to use OpenID or not. If not, he will be redirected to the usual registration page. Otherwise, he will enter his OpenID and be redirected to his OpenID provider to authenticate; then some of the information will be received from the user's profile and, if necessary, he will be asked to provide some special information. At the same time, when the user comes to the website for the first time, he can authenticate using OpenID and a new account will be automatically created. So, do we need two forms for creating a new user?

...