[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: http cookies support in subversion client

From: Alec Kloss <alec.kloss_at_oracle.com>
Date: 7 Oct 2009 10:13:16 -0500

On 2009-10-07 10:28, vadim marchenko wrote:
> Hi Andrey,
>
> Thanks for your reply.
>
> There is a limited choice of technologies to provide truly robust
> distributed single sign-on.
> It is either SAML based or WS Federation approach.
>
> Other technologies such as OpenID, custom cookies based and etc have flaws.
> However industry seems to be favoring
> simpler technologies with higher risk but better performance and easier time
> to deploy.

[chop]

> On Wed, Oct 7, 2009 at 3:47 AM, Andrey Repin <anrdaemon_at_freemail.ru> wrote:
>
> > Cross-domain cookies are very, very, very bad idea...
> > And if your 3rd party authorization is on same domain, "I'm failing to see"
[chop]

[chop]

It'd help me out if someone could add some citations to clarify
these two statements:

> There is a limited choice of technologies to provide truly robust
> distributed single sign-on.
> It is either SAML based or WS Federation approach.

and

> > Cross-domain cookies are very, very, very bad idea...

I'm curious to know more about both of these staements.

As for SSO in Subversion, there's already built in support for SSO
in svn over http via HTTP Negotiate, SSO in svnserve with GSSAPI,
and SSO in svn over ssh using ssh public keys, GSSAPI, and probably
a few other things too.

-- 
Alec.Kloss_at_oracle.com			Oracle Middleware
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x432B9956

  • application/pgp-signature attachment: stored
Received on 2009-10-07 17:14:48 CEST

This is an archived mail posted to the Subversion Users mailing list.