Security and Identity
Ruby, CAS and OpenID
Justin Gehtland
justin@thinkrelevance.com
Copyright 2007, Relevance, Inc.
Licensed only for use in conjunction with Relevance-provided training
For permission to use, send email to contact@thinkrelevance.com

Hello, My Name Is
Justin Gehtland
President of Relevance
justin@thinkrelevance.com
Copyright 2007, Relevance Inc.

Step 1
> rails myapp
Copyright 2007, Relevance Inc.

Step 2
> script/plugin install acts_as_authenticated
Copyright 2007, Relevance Inc.

Step 3
There is no step 3!
Copyright 2007, Relevance Inc.

Good Enough?
Redundant implementations
No shared auth
Comingled storage
Copyright 2007, Relevance Inc.

Identity: There should be only one
Client Rails App Auth Store
Request Locked Page
Redirect to Central Login
Request Login Page, Perform Login
Return Token
Request Locked Page, Present Token
Provide Token, URL
Authenticate request
Provide Locked Page
Copyright 2007, Relevance Inc.

Two Types of Central Authentication
Private
Located within enterprise or WAN
Circumscribed set of apps
Public
Available on public internet
Apps opt in
Copyright 2007, Relevance Inc.

OpenID (PUBLIC)
Free, Open central ID
Vendor-supported, but not controlled
Copyright 2007, Relevance Inc.

ruby-openid
Dependencies on:
net transports
Yadis (OpenID + directory service)
Copyright 2007, Relevance Inc.

CAS (PRIVATE)
Central Authentication Service
FOSS
Java-based
Copyright 2007, Relevance Inc.

rubycas-client
Matt Zukowski, Ola Bini and Matt Walker
Simple wrapper around CAS
Development is mostly just configuration
Copyright 2007, Relevance Inc.

What about...
LDAP
NTLM
Commercial SSOs
Copyright 2007, Relevance Inc.