[Zope-CMF] Re: Re: Understanding the login mechanism
Gitte Wange
gitte at mmmanager.org
Fri Oct 10 03:34:54 EDT 2003
On Thu, 09 Oct 2003 21:15:35 +0200, Dieter Maurer wrote:
> Gitte Wange wrote at 2003-10-9 13:28 +0200:
> > ...
> > I have 2 sites - mainsite.com and remotesite.com. User gitte logs into
> > remotesite.com
> > Then the user goes to mainsite.com
> > Now mainsite.com asks remotesite.com if user gitte is logged in (by using
> > XMLRPC)
>
> We do something like this using encryption.
>
> The link from "remotesite.com" to "mainsite.com" contains
> the info: "I come from 'remotesite.com'" and an encrypted secret.
>
> "remotesite.com" and "mainsite.com" have exchanged encryption
> keys. "mainsite.com" sees an incoming request from "remotesite.com"
> and uses its key to decrypt the secret. It gives:
> the source (i.e. 'remotesite.com'), the user identity and a timestamp.
> If the sources agree and the timestamp is fresh, then the user
> is authenticated.
Sounds like a very useable solution :-)
Do you have any code examples I can look at?
Not sure have to create the encoded string with an encryptionkey.
--
Gitte Wange
Technical Manager
Email: gitte at mmmanager.org
Web: http://www.mmmanager.org
Tlf: +45 36 46 20 02
Our goal is to be the "Linux of Content Management".
This means Open Source, it means community...
-- Paul Everitt: Zope-CMF Mailing List
More information about the Zope-CMF
mailing list