[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: http cookies support in subversion client

From: vadim marchenko <vadim.marchenko_at_gmail.com>
Date: Wed, 7 Oct 2009 10:28:43 -0400

Hi Andrey,

Thanks for your reply.

There is a limited choice of technologies to provide truly robust
distributed single sign-on.
It is either SAML based or WS Federation approach.

Other technologies such as OpenID, custom cookies based and etc have flaws.
However industry seems to be favoring
simpler technologies with higher risk but better performance and easier time
to deploy.

I have used LDAP authentication (and authorization with some extra
scripting) for internal domains in the past. I definitely can use LDAP but
account replication and syncing and other management tasks present to be
challenging.

On the other hand, cookies seems to an efficient way to maintain session
state among web apps within a domain. For inter-domain communication, one
can use SAML, for example, as we have done in the past.

I was just wondering if adding cookies was in the plans. They have been
around for awhile and worked quite well for majority web applications.

Thanks again,
Vadim

On Wed, Oct 7, 2009 at 3:47 AM, Andrey Repin <anrdaemon_at_freemail.ru> wrote:

> Greetings, vadim marchenko!
>
> > I was wondering if http cookies support is planned for subversion client
> any
> > time soon?
>
> > I am trying to integrate with 3-rd party single sign-on solution to
> provide
> > restricted access to subversion repository.
> > Any info/advice would very much appreciated.
>
> Cross-domain cookies are very, very, very bad idea...
> And if your 3rd party authorization is on same domain, "I'm failing to see"
> how your custom authn can't be implemented as Apache module or why you
> can't
> use one of the standard authn, like LDAP?
>
>
> --
> WBR,
> Andrey Repin (anrdaemon_at_freemail.ru) 07.10.2009, <11:44>
>
> Sorry for my terrible english...
>
>

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2404539

To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-10-07 16:29:40 CEST

This is an archived mail posted to the Subversion Users mailing list.