NYCPHP Meetup

[Michael B Allen]

On 9/22/07, Hans Zaunere <lists at zaunere.com> wrote:
>
> Hello all,
>
> A recent presentation suggestion was on the topic of integration.  For
> instance, taking the best of breed CMS, calendar and shopping cart
> application and getting them to cross-connect.  Namely, for user
> authentication, authorization and management.
>
> There is no single solution that I am aware of, but typical strategies
> include the following:
>
> -- custom code to glue these different items together, on a case-by-case
> basis
>
> -- starting out with a framework of sorts and using moodules built for it.
> The framework then provides the integration.

Hi Hans,

It really would be a boon if there were some kind of PHP standards
like Java's Servlet API and JAAS (minus the bloat). I fear that's the
only way you're going to get good realiable interop of components.

I've done SPNEGO auth plugins for MediaWiki, SugarCRM, and Joomla! 1.5
and they were all suprisingly different (in some cases it simply
wasn't possible - Joomla! 1.0 didn't have the necessary hooks). It
seems apps tend build auth around the idea of a username and password
but we're doing SSO which usually doesn't even have access to a
password.

Authorization is even harder. The application must use one method to
address and handle a resource being protected. We had page ACLs for
MediaWiki but we recently ripped it out because MW quite simply wasn't
designed to protect content by name or action. Users could access the
same content through a variety of different methods.

Mike