The four web authentication modules that have the most visibility in
higher-ed are:
PubCookie, originally developed at the University of Washington,
http://www.pubcookie.org/
CoSign, originally developed at the University of Michigan,
http://www.umich.edu.ezproxyberklee.flo.org/~umweb/software/cosign/
CAS, originally developed at Yale, http://www.ja-sig.org/products/cas/
WebAuth, originally developed at Stanford University,
http://webauth.stanford.edu/
As we talked about the current vision is that IS&T will run an web site
where users will be expected to initially authenticate. Once that has
happened, users will be able to authenticate to other MIT web sites without
additional user interaction.
The web login service should provide users with a variety of mechanisms for
initial authentication. We'd like to support:
- X.509 user certificates
- Username/password protected by SSL
- Kerberos via http/spnego
A related project will be to support a Shibboleth deployment.
Shibboleth from Internet2, http://shibboleth.internet2.edu/
More information about http/spnego can be found at:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/http-sso-1.asp
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/http-sso-2.asp
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/http-sso-3.asp