Re: http cookies support in subversion client

From: vadim marchenko <vadim.marchenko_at_gmail.com>
Date: Wed, 7 Oct 2009 15:58:03 -0400

Hi Alec,

Thanks for the info.
Have you had experience using either Http Negotiate or GSSAPI or both? If
yes, can you share your main pain points with each/either?

When I say robust, I mean there is backing by big industry leaders: Sun, IBM,
MS, Oracle, etc.
You can evaluate and test products from big vendors. We have done testing of
some of the products.

GSSAPI has mostly Kerberos implementations. I have been exposed to
Kerberos at some point more than I bargained for.
It has its own issues and is rather considered a cannon to use when
all you want to do is sport hunting.
I have not dealt with HTTP Negotiate. I suspect a lot of implementations
will require either use of Kerberos or NTLM.
It probably requires additional research on my part.

What I wonder is if there is a technical difficulty in adding support for
cookies to subversion client.
Everybody seems to shy away from the main question I asked.

Thanks,
Vadim

On Wed, Oct 7, 2009 at 11:13 AM, Alec Kloss <alec.kloss_at_oracle.com> wrote:

> On 2009-10-07 10:28, vadim marchenko wrote:
> > Hi Andrey,
> >
> > Thanks for your reply.
> >
> > There is a limited choice of technologies to provide truly robust
> > distributed single sign-on.
> > It is either SAML based or WS Federation approach.
> >
> > Other technologies such as OpenID, custom cookies based and etc have flaws.
> > However industry seems to be favoring
> > simpler technologies with higher risk but better performance and easier time
> > to deploy.
>
> [chop]
>
> > On Wed, Oct 7, 2009 at 3:47 AM, Andrey Repin <anrdaemon_at_freemail.ru> wrote:
> >
> > > Cross-domain cookies are very, very, very bad idea...
> > > And if your 3rd party authorization is on same domain, "I'm failing to see"
> [chop]
>
> [chop]
>
> It'd help me out if someone could add some citations to clarify
> these two statements:
>
> > There is a limited choice of technologies to provide truly robust
> > distributed single sign-on.
> > It is either SAML based or WS Federation approach.
>
> and
>
> > > Cross-domain cookies are very, very, very bad idea...
>
> I'm curious to know more about both of these statements.
>
> As for SSO in Subversion, there's already built in support for SSO
> in svn over http via HTTP Negotiate, SSO in svnserve with GSSAPI,
> and SSO in svn over ssh using ssh public keys, GSSAPI, and probably
> a few other things too.
>
> --
> Alec.Kloss_at_oracle.com Oracle Middleware
> PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x432B9956
>

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2404658

Received on 2009-10-07 21:58:51 CEST

This is an archived mail posted to the Subversion Users mailing list.