Ruby on Rails

> http://www.windley.com/archives/2006/04/how_does_openid.shtml
> http://en.wikipedia.org/wiki/OpenID
>
> Basically you post the login credentials to your second app through URL
> +POST parameters, your second app authenticates and sends back the
> data needed to identify the user, first app uses this to create the
> session. This is extremely simplified and you'll need to worry about
> security, establishing trust between the apps etc.
>
> Another way to go about it is to use ActiveResource, which basically
> establishes interapp communication on a server level.
>
> It all depends on your needs basically. Don't try to overcomplicate
> matters too much by trying to decentralize too much (decentralization
> has its uses and advantages, but it also brings a whole slew of extra
> work).

Mmm.. but in this case you're considering that there are two separated
applications, but actually there is only one application which manage
both the main and the external apps/domains.

The signin/signup page will be on the main address (in order to have a
correct ssl from the main domain), but then the user will be redirected
back to the external domain. This shouldn't be a big problem, my worry
is about the session cookie, having it set on the main domain it would
refer to it, and it actually won't be in the external one. Otherwise to
solve it the signup/signin page could be on the external domain too, but
without a ssl page it wouldn't be so cool (actually it would be better
on everypage, but i'm worried that it would overcomplicate a lot all the
system)

--
Posted via http://www.ruby-forum.com/.

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.