Hello, everyone! I just released a new version of the Eteos Client for Rails. Basically, what it provides is cross-website authentication via the Eteos authentication service (www.eteos.com). With two lines of code you can provide authentication across your application with an account that works across websites. This release can also integrate automagically with existing user models. It''s available at RubyForge (http://rubyforge.org/projects/eteos-client) and as a gem (gem install eteos-client). The docs are in the README which you can find in the tarball or at this URL: http://rubyforge.org/docman/view.php/527/142/readme.txt Anyway, while I''m mainly writing this for some projects I''m working on, I hope other people might find it useful. But the feedback I''m most interested in is whether it should attempt to support other similar authentication systems such as TypeKey, LID, or CAS, either in the same project or parallel projects. And perhaps more importantly to this list, if and how this might fit in with an current or future protocol or standard way of providing authentication for Rails applications. I appreciate any thoughts you have. David Adams
David Adams wrote:>I just released a new version of the Eteos Client for Rails. >Basically, what it provides is cross-website authentication via the >Eteos authentication service (www.eteos.com). With two lines of code >you can provide authentication across your application with an account >that works across websites. This release can also integrate >automagically with existing user models. > >Sounds perfect for the site I am writing. One question, though: is eteos free ? If not, how much does it cost ? If it''s free, how long will it remain free ? I tried looking on the site itself, but could not find any information.
Stanislav Freidin wrote:> David Adams wrote: > >> I just released a new version of the Eteos Client for Rails. >> Basically, what it provides is cross-website authentication via the >> Eteos authentication service (www.eteos.com). With two lines of code >> you can provide authentication across your application with an account >> that works across websites. This release can also integrate >> automagically with existing user models. >> >> > Sounds perfect for the site I am writing. One question, though: is eteos > free ? If not, how much does it cost ? If it''s free, how long will it > remain free ? I tried looking on the site itself, but could not find any > information.Yeah right, then they''re going to shut down their services like myuid.com and you''ll have to reimplement the user authentification yourself by the end. Central authentication is not the future of Internet and has never been. Even Microsoft''s Passeport.net gets dumped by big services (Ebay?) ! And from what I''ve read on the website, Eteos has nothing special that attracts my attention. Sorry for that angry tone, but why not think "community" instead of "I''ll have my own" ? What would really help Rails is *distributed* authentication. If it wasn''t for the spam, I''d suggest using e-mail addresses as the user ID, combined to webservices for dialogs with both parties. Then every user would have it''s own page like the webmail, that would allow him to accept / reject the website''s authentication requests. Something like that.. For now, the only interesting project I''ve seen is the one of the Liberty Allianz ( http://www.projectliberty.org ), but for some reason SAML seams too academic for me to dig in. However some people had the courage for building SourceId ( http://www.sourceid.org ), the Java implementation of those specs. That''s all Cheers, zimba
On Wed, 23 Mar 2005 00:50:43 -0800, Stanislav Freidin <bugmaster-ihVZJaRskl1bRRN4PJnoQQ@public.gmane.org> wrote:> Sounds perfect for the site I am writing. One question, though: is eteos > free ? If not, how much does it cost ? If it''s free, how long will it > remain free ? I tried looking on the site itself, but could not find any > information.Eteos is free and my intention is that it always will be free. The developer information is non-existent right now, unfortunately. I''ll add your questions to the FAQ, though. Thanks.> Yeah right, then they''re going to shut down their services like > myuid.com and you''ll have to reimplement the user authentification > yourself by the end.This is certainly a risk of using any centralized authentication service. Which is why I brought up my bigger question: should we and how do we standardize authentication (and ultimately authorization) protocols on Rails apps so that you can easily plug in Eteos or TypeKey or Passport or a local (login_generator) authentication scheme (or a notional distributed authentication scheme) and keep it working? I think that would be a great goal. Thanks for your feedback. -dave
Might I suggest Sxip (sxip.com, sxip.org, sxip.net) .. they also do distributed authentication. Doesn''t look like they''ll be going anywhere anytime soon. They also have implementations in many different languages and have pretty good documentation. If that doesn''t excite you, I would go with CAS (http://tp.its.yale.edu/tiki/tiki-index.php?page=CentralAuthenticationService) On Wed, 23 Mar 2005 11:37:33 -0600, David Adams <daveadams-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> On Wed, 23 Mar 2005 00:50:43 -0800, Stanislav Freidin > <bugmaster-ihVZJaRskl1bRRN4PJnoQQ@public.gmane.org> wrote: > > Sounds perfect for the site I am writing. One question, though: is eteos > > free ? If not, how much does it cost ? If it''s free, how long will it > > remain free ? I tried looking on the site itself, but could not find any > > information. > > Eteos is free and my intention is that it always will be free. The > developer information is non-existent right now, unfortunately. I''ll > add your questions to the FAQ, though. Thanks. > > > Yeah right, then they''re going to shut down their services like > > myuid.com and you''ll have to reimplement the user authentification > > yourself by the end. > > This is certainly a risk of using any centralized authentication > service. Which is why I brought up my bigger question: should we and > how do we standardize authentication (and ultimately authorization) > protocols on Rails apps so that you can easily plug in Eteos or > TypeKey or Passport or a local (login_generator) authentication scheme > (or a notional distributed authentication scheme) and keep it working? > I think that would be a great goal. > > Thanks for your feedback. > > -dave > _______________________________________________ > Rails mailing list > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org > http://lists.rubyonrails.org/mailman/listinfo/rails >-- - Ramin
Ramin wrote:> Might I suggest Sxip (sxip.com, sxip.org, sxip.net) .. they also do > distributed authentication. Doesn''t look like they''ll be going > anywhere anytime soon. They also have implementations in many > different languages and have pretty good documentation. If that > doesn''t excite you, I would go with CAS > (http://tp.its.yale.edu/tiki/tiki-index.php?page=CentralAuthenticationService)Thanks a lot for pointing this project ! Having a modules for Drupal ( http://drupal.org ) and Bitflux CMS ( http://wiki.bitflux.org ) is really great, I think both frameworks are realtively nice for PHP. The authentication system is distributed, but it seems to rely on a central server for trust... To be investigated>From the dev pages, they have Java, Perl, PHP and Python libraries.Where is Ruby ? '':-)> On Wed, 23 Mar 2005 11:37:33 -0600, David Adams <daveadams-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > >>On Wed, 23 Mar 2005 00:50:43 -0800, Stanislav Freidin >><bugmaster-ihVZJaRskl1bRRN4PJnoQQ@public.gmane.org> wrote:[snip]>>>Yeah right, then they''re going to shut down their services like >>>myuid.com and you''ll have to reimplement the user authentification >>>yourself by the end. >> >>This is certainly a risk of using any centralized authentication >>service. Which is why I brought up my bigger question: should we and >>how do we standardize authentication (and ultimately authorization) >>protocols on Rails apps so that you can easily plug in Eteos or >>TypeKey or Passport or a local (login_generator) authentication scheme >>(or a notional distributed authentication scheme) and keep it working? >>I think that would be a great goal.It makes me think of PAM ( http://www.kernel.org/pub/linux/libs/pam ). I wonder how much of the authentication process can be generalized, if the authentication schemes are really different.>> >>Thanks for your feedback. >> >>-daveThanks you for bringing up the discussion Cheers, zimba