Web Services Access using YADIS

Pat Cappelaere pat at cappelaere.com
Thu Jul 20 00:58:05 UTC 2006


I was talking to Brian Ellin a few weeks back...
A cool thing to do would be to restrict/allow access to web services using
OpenID/YADIS.
Basically, user logs into his domain.  User want to access web service in
another trusted domain.  This should be allowed without requiring user to
re-login (assuming that domains have a trust relationship).
User would pass its openid and a one-time (or time-limited) token to Server
B.  Server B would use token to verify authentication of user by presenting
token to originating server. Server B would also get access to profile info
(optional but required in my case to get access to permission attributes).
Access to web service would then be granted or not based on presented
permissions.
Has anyone done something like this?
Thanks,
Pat.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.danga.com/pipermail/yadis/attachments/20060719/afd18599/attachment.html


More information about the yadis mailing list