[OSLC-CM] How many tools support (or plan to) OAuth?

Wed Nov 25 07:09:13 EST 2009

Le vendredi 20 novembre 2009 à 12:14 -0500, Steve K Speicher a écrit :
> 
> For ALM tool interoperability, a good authentication story is needed.
>  In CM 1.0, we sort of "punted" on the issue and made some general
> statements about what SHOULD be supported: HTTP Basic auth, OAuth and
> SSL.  We never made it a MUST hard mandatory requirement. 
> 
> I'd like get some more information about where participants are with
> respect to OAuth.  If you don't know much about OAuth, there are some
> good introductory resources at http://oauth.net 
> 
> So the kind of feedback I'm looking for is: 
>       * What solutions are used today for cross-system
>         authentication? 
>       * What are the current issues with today's solutions? 
>       * Do any of your tools support OAuth today? If not, any plans.
>         If no plans, reasons for not adopting? 
> 
> Feel free to respond or we can talk on Wednesday. 
> 
> 

I believed that OAuth was only about permissions, i.e. authorizations,
and not about authentication... but I may be wrong... care to clarify,
anyone ?

Then if Oauth was only concerned with authorizations, what would be
taking care of Auth : only Http(S) login + password ?

Correct me if I'm wrong ;)

In any case, in the specs, authn and authz should be distinctly
addressed, I suppose.

Sorry not to provide any more concrete feedback WRT tools : we're
learning and intend to implement whatever will be in the specs in a dmo
server to be developped, so no tool implementation available yet really
(also, haven't fully checked if might be Mantis plugins/configs to
support various existing Auth protocols already, as we're aiming at
Mantis in a second time).

Best regards,
-- 
Olivier BERGER <olivier.berger at it-sudparis.eu>
http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 1024D/6B829EEC
Ingénieur Recherche - Dept INF
Institut TELECOM, SudParis (http://www.it-sudparis.eu/), Evry (France)