[Zope-CMF] Re: Re: Understanding the login mechanism

Gitte Wange gitte at mmmanager.org
Fri Oct 10 03:34:54 EDT 2003


On Thu, 09 Oct 2003 21:15:35 +0200, Dieter Maurer wrote:

> Gitte Wange wrote at 2003-10-9 13:28 +0200:
>  > ...
>  > I have 2 sites - mainsite.com and remotesite.com. User gitte logs into
>  > remotesite.com
>  > Then the user goes to mainsite.com
>  > Now mainsite.com asks remotesite.com if user gitte is logged in (by using
>  > XMLRPC)
> 
> We do something like this using encryption.
> 
> The link from "remotesite.com" to "mainsite.com" contains
> the info: "I come from 'remotesite.com'" and an encrypted secret.
> 
> "remotesite.com" and "mainsite.com" have exchanged encryption
> keys. "mainsite.com" sees an incoming request from "remotesite.com"
> and uses its key to decrypt the secret. It gives:
> the source (i.e. 'remotesite.com'), the user identity and a timestamp.
> If the sources agree and the timestamp is fresh, then the user
> is authenticated.

Sounds like a very useable solution :-)
Do you have any code examples I can look at?
Not sure have to create the encoded string with an encryptionkey.

-- 
Gitte Wange
Technical Manager

Email: gitte at mmmanager.org
Web: http://www.mmmanager.org
Tlf: +45 36 46 20 02

Our goal is to be the "Linux of Content Management".
This means Open Source, it means community...

    -- Paul Everitt: Zope-CMF Mailing List





More information about the Zope-CMF mailing list