Re: http cookies support in subversion client

On 2009-10-07 10:28, vadim marchenko wrote:
> Hi Andrey,
>
> Thanks for your reply.
>
> There is a limited choice of technologies to provide truly robust
> distributed single sign-on.
> It is either SAML based or WS Federation approach.
>
> Other technologies such as OpenID, custom cookies based and etc have flaws.
> However industry seems to be favoring
> simpler technologies with higher risk but better performance and easier time
> to deploy.

[chop]

> On Wed, Oct 7, 2009 at 3:47 AM, Andrey Repin <anrdaemon_at_freemail.ru> wrote:
>
> > Cross-domain cookies are very, very, very bad idea...
> > And if your 3rd party authorization is on same domain, "I'm failing to see"
[chop]

[chop]

It'd help me out if someone could add some citations to clarify
these two statements:

> There is a limited choice of technologies to provide truly robust
> distributed single sign-on.
> It is either SAML based or WS Federation approach.

and

> > Cross-domain cookies are very, very, very bad idea...

I'm curious to know more about both of these staements.

As for SSO in Subversion, there's already built in support for SSO
in svn over http via HTTP Negotiate, SSO in svnserve with GSSAPI,
and SSO in svn over ssh using ssh public keys, GSSAPI, and probably
a few other things too.

-- 
Alec.Kloss_at_oracle.com			Oracle Middleware
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x432B9956