From: François
Subject: [Demexp-dev] Authentication and so on
Date: Sun, 15 Oct 2006 01:54:19 +0200

As the discussion about authentication came to demexp-fr I just wanted to
add my voice.

Without knowing anything about authentication, I had a look on the web for
authentication mechanisms and frameworks/utilities around it.

There is an [interesting introduction][introSSO] (in French,
sorry for non-French speakers) on the [website of French Networks
Universities Committee][CRU].

What I understand on this topic is that solutions
exist... but we must know what problem to solve, i.e.:

- what systems exactly need authentication and why
- what information they need for authentication
- who is able to certify this information

Just now we have two systems with different authentication schemes.

The core demexp part wants to have strong authentication with birth
certificates or equivalent in order to control fraud on voting.

The Drupal part wants to authenticate people by their name on forums
(and perhaps some things more).

What we can say is that the Drupal part could trust demexp core for
authentication but not the reverse.

So, we could imagine some system with a demexp authentication server which
can give some token to the Drupal part. When the Drupal account is
bound to a demexp account it can ask the demexp server to authenticate
against the demexp account. When it is not bound, it authenticates with
its own scheme.

The demexp authentication server could be the same server (and the same
software) as the demexp voting server, but it does not need to be.
(Indeed I strongly advocate in favour of the Unix utilities way of
thinking: prefer several small utilities communicating over one big
piece of software. That is why I imagine that the future could see
several pieces of demexp separated: authentication part, voting part (base
des positions), classification part, forum part...)
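
The token hand-off proposed in the message above, as an added sketch that is not part of the original e-mail or of demexp or Drupal code. It assumes an HMAC-SHA256 token under a key shared by the two services; every name, the key, the lifetime and the sample binding are hypothetical.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"  # assumption: secret shared by auth server and Drupal
TTL = 300                      # assumption: token lifetime in seconds

def _sign(payload: bytes) -> bytes:
    return hmac.new(KEY, payload, hashlib.sha256).hexdigest().encode()

# --- demexp authentication server side (hypothetical) ---
def issue_token(demexp_account: str, audience: str, now: float) -> str:
    """Called only after the server's own strong authentication succeeded."""
    claims = {"sub": demexp_account, "aud": audience, "exp": now + TTL}
    payload = json.dumps(claims, sort_keys=True).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload).decode()

# --- Drupal side (hypothetical) ---
def verify_token(token: str, now: float):
    """Return the demexp account the token vouches for, or None if invalid."""
    try:
        body, sig = token.split(".")
        payload = base64.urlsafe_b64decode(body)
    except ValueError:  # wrong shape or bad base64
        return None
    # Check the signature before trusting anything inside the payload.
    if not hmac.compare_digest(sig.encode(), _sign(payload)):
        return None
    claims = json.loads(payload)
    if claims["aud"] != "drupal" or claims["exp"] < now:
        return None  # issued for another service, or expired
    return claims["sub"]

BINDINGS = {"alice_forum": "alice"}  # constructed: Drupal account -> demexp account

def drupal_login(drupal_account, token=None, local_ok=False, now=None):
    """local_ok stands in for the result of Drupal's own login scheme."""
    now = time.time() if now is None else now
    bound_to = BINDINGS.get(drupal_account)
    if bound_to is None:
        return local_ok  # unbound account: Drupal's own scheme decides
    # Bound account: only a valid token for the bound demexp account counts;
    # falling back to the local scheme here would bypass the stronger check.
    return token is not None and verify_token(token, now) == bound_to
```

With a shared key the Drupal side could mint tokens as well; that stays consistent with the one-way trust only as long as the demexp core never accepts such tokens itself.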

