see
Shibboleth
here at university i login *once* and am authenticated via
local mechanism. i can now visit napster and they recieve
something like:
SHIB-USER: 76e4f594477c4121b3b560548dc8229e@uni.edu
SHIB-AFFILIATION: member@uni.edu
so they don't really know who i am, only that i'm from the
uni and have a uniq-id.
an internal uni site might recieve:
SHIB-USER: me@uni.edu
SHIB-AFFILIATION: member@uni.edu, staff@uni.edu
and an internal department site might recieve:
SHIB-USER: me@uni.edu
SHIB-AFFILIATION: member@uni.edu, staff@uni.edu
SHIB-DEPARTMENT: Information Services
SHIB-EMPLOYEE-ID: 85493
SHIB-OFFICE-EXT: x74393
Shibb has had some growing pains but has gotten much better
the past year or so. the auth parts are handled by an
Apache module so the application just needs to pull the info
from the environment variables.
Shibb could be used to allow Perl Monks, PAUSE, cpanforum
and others to trust eachother without sharing passwords
back and forth.