Turns out that open source Apache apps can also now leverage stronger portable identity through the work of Ping Identity. Ashish Jain announced the Apache Authentication Module for CardSpace. Kim Cameron commented on another mind-altering announcement from Ping Identity, enabling authentication via CardSpace to an Apache relying party. Since many sites use weak username/password combinations, this creates a much stronger and more flexible access control approach:
The whole CardSpace processing can be a black box for the administrators.
The module puts the attributes in the session. So if you have a PHP application, you can do the following to retrieve the attributes:
$email = $_ENV['auth_infocard_env_emailaddress'];
$ppid = $_ENV['auth_infocard_env_privatepersonalidentifier'];
The same thing works in any other programming language, since they all give you access to your environment variables.
So this is pretty much as simple as it gets. I hope everyone with a product that runs on Apache will look at this.
But wait! There’s more! When I wrote to Ashish to congratulate him on this development, he added:
We also have a .jar file for Java that serves a similar purpose (we internally refer to it as the cardspace-magic.jar and we will open source it some day). Same idea…drop the .jar file in, then:
xmltoken in -> attribute’s map out
So if you use Java, you can go that way too.
This is very cool stuff -- real enabling technology for building stronger distributed apps.
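An added example, not code from the original post or from Ping Identity: since the quoted text notes that any language can read these environment variables, this Python version shows a relying-party handler that reads the two variables named above, fails closed when the PPID is absent, and keys the account lookup on the PPID. The shared `auth_infocard_env_` prefix for other claims, the `accounts` store and the sample values are assumptions made for the example.

```python
import os

# The two variable names come from the post. Treating "auth_infocard_env_"
# as a common prefix for every exported claim is an assumption.
PREFIX = "auth_infocard_env_"
PPID_KEY = "privatepersonalidentifier"
EMAIL_KEY = "emailaddress"

# Constructed sample data for illustration only.
SAMPLE_ENV = {
    "auth_infocard_env_emailaddress": "alice@example.org",
    "auth_infocard_env_privatepersonalidentifier": "cHBpZC1leGFtcGxl",
    "PATH": "/usr/bin",
}
SAMPLE_ACCOUNTS = {"cHBpZC1leGFtcGxl": "alice"}  # hypothetical store keyed by PPID


class MissingClaim(Exception):
    """Raised when the request environment carries no usable card identity."""


def claims_from_env(environ=None):
    """Collect the exported card attributes into a dict, dropping empty values."""
    environ = os.environ if environ is None else environ
    return {
        name[len(PREFIX):]: value.strip()
        for name, value in environ.items()
        if name.startswith(PREFIX) and value.strip()
    }


def resolve_account(environ, accounts):
    """Return (account, claims); account is None for a card not yet enrolled.

    The lookup key is the PPID. The e-mail claim is passed back as profile
    data only (a design choice of this example, not something the post states).
    """
    claims = claims_from_env(environ)
    ppid = claims.get(PPID_KEY)
    if not ppid:
        # Fail closed: no PPID means the request is unauthenticated.
        raise MissingClaim("no PPID in environment")
    return accounts.get(ppid), claims


if __name__ == "__main__":
    account, claims = resolve_account(SAMPLE_ENV, SAMPLE_ACCOUNTS)
    print(account, claims.get(EMAIL_KEY))
```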