[OSLC-CM] How many tools support (or plan to) OAuth?

Mark Ringer mringer at rallydev.com
Wed Nov 25 11:33:38 EST 2009


We are investigating supporting OAuth here at Rally but no firm commitment
if or when we will get to it.

- Mark

On Wed, Nov 25, 2009 at 6:58 AM, Steve K Speicher <sspeiche at us.ibm.com> wrote:

>
> Olivier Berger <olivier.berger at it-sudparis.eu> wrote on 11/25/2009
> 07:09:13 AM:
>
>
> > On Friday, 20 November 2009 at 12:14 -0500, Steve K Speicher wrote:
> > >
> > > For ALM tool interoperability, a good authentication story is needed.
> > >  In CM 1.0, we sort of "punted" on the issue and made some general
> > > statements about what SHOULD be supported: HTTP Basic auth, OAuth and
> > > SSL.  We never made it a MUST hard mandatory requirement.
> > >
> > > I'd like to get some more information about where participants are with
> > > respect to OAuth.  If you don't know much about OAuth, there are some
> > > good introductory resources at http://oauth.net
> > >
> > > So the kind of feedback I'm looking for is:
> > >       * What solutions are used today for cross-system
> > >         authentication?
> > >       * What are the current issues with today's solutions?
> > >       * Do any of your tools support OAuth today? If not, any plans?
> > >         If no plans, reasons for not adopting?
> > >
> > > Feel free to respond or we can talk on Wednesday.
> > >
> > >
> >
> > I believed that OAuth was only about permissions, i.e. authorizations,
> > and not about authentication... but I may be wrong... care to clarify,
> > anyone ?
>
>
> Since the terms "authorization" and "authentication" are overloaded, I
> think it would be best instead of me trying to describe OAuth here that I
> defer to the http://oauth.net site for resources that describe it.
>
> I did not intend to state a subset of OAuth or misrepresent it by saying
> "cross-system authentication" as it is not a single-sign on solution.  It
> provides a way to authenticate users, then leverage that to authorize
> cross-server access.
>
> >
> > Then if OAuth was only concerned with authorizations, what would be
> > taking care of Auth : only Http(S) login + password ?
> >
> > Correct me if I'm wrong ;)
> >
> > In any case, in the specs, authn and authz should be distinctly
> > addressed, I suppose.
> >
> > Sorry not to provide any more concrete feedback WRT tools : we're
> > learning and intend to implement whatever will be in the specs in a demo
> > server to be developed, so no tool implementation available yet really
> > (also, haven't fully checked if there might be Mantis plugins/configs to
> > support various existing Auth protocols already, as we're aiming at
> > Mantis in a second time).
> >
>