Arthur Barseghyan talks about SSO (single sign on) and two-factor authentication.
If you have multiple web frameworks and websites, normally every one of them would need a user database and its own authentication system. Without SSO, you could perhaps (bad idea) pick one of them and make that the leading one and hack the rest to support that one. Or you’d expect users to log in multiple times (also a bad idea). Or you could use a custom API to let the sites communicate their authentication data (also a bad idea).
With single sign on you don’t have many of these problems. As an example, he uses (JaSig) CAS, a Java enterprise single sign-on solution. There are a whole lot of plugins. It is open source, scalable and well documented. It supports lots of backends.
For logging in you need three parties: a web browser, the CAS server, your application server. Your application server functions as a CAS client.
He showed an example. A Django site (a dashboard) and a Plone site (a document management system) both talk to a CAS server. The CAS server talks to an Active Directory server via a VPN connection. For both Django and Plone there were ready-to-use plugins.
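The three-party exchange described above, as an added example that is not code from the talk and not JaSig CAS itself: a simulated CAS 2.0 service-ticket flow in Python, where the in-memory CAS server and the dashboard URL are constructed stand-ins. It shows the checks a CAS server applies before the application (the CAS client) may trust a ticket: single use, binding to the requesting service URL, and a short lifetime.

```python
import secrets
import time
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse
from xml.sax.saxutils import escape

CAS_NS = "http://www.yale.edu/tp/cas"  # namespace used by CAS 2.0 responses


class FakeCasServer:
    """In-memory stand-in for the CAS server (constructed for this example)."""
    TICKET_TTL = 10  # seconds; CAS service tickets are meant to be short-lived

    def __init__(self):
        self._tickets = {}  # ticket -> (user, service, issued_at)

    def login(self, user, service):
        """Steps 1-2: browser is sent to /login?service=...; once the user has
        authenticated (e.g. against Active Directory) CAS redirects the browser
        back to the service with a one-time service ticket in the query string."""
        ticket = "ST-" + secrets.token_urlsafe(16)
        self._tickets[ticket] = (user, service, time.time())
        return f"{service}?{urlencode({'ticket': ticket})}"

    def service_validate(self, service, ticket):
        """Step 3: /serviceValidate. A ticket is single-use, bound to the
        service URL it was issued for, and rejected once it has expired."""
        entry = self._tickets.pop(ticket, None)  # pop: a replayed ticket finds nothing
        if entry is None or entry[1] != service or time.time() - entry[2] > self.TICKET_TTL:
            return (f"<cas:serviceResponse xmlns:cas='{CAS_NS}'>"
                    "<cas:authenticationFailure code='INVALID_TICKET'>"
                    "ticket not recognized</cas:authenticationFailure></cas:serviceResponse>")
        return (f"<cas:serviceResponse xmlns:cas='{CAS_NS}'><cas:authenticationSuccess>"
                f"<cas:user>{escape(entry[0])}</cas:user>"
                "</cas:authenticationSuccess></cas:serviceResponse>")


def cas_client_validate(cas, service, ticket):
    """Application side (the CAS client): trade the ticket from the query
    string for a username, or None when the CAS server rejects it."""
    root = ET.fromstring(cas.service_validate(service, ticket))
    user = root.find(f"{{{CAS_NS}}}authenticationSuccess/{{{CAS_NS}}}user")
    return user.text if user is not None else None


def demo():
    cas = FakeCasServer()
    service = "https://dashboard.example/login/"  # constructed application URL
    ticket = parse_qs(urlparse(cas.login("alice", service)).query)["ticket"][0]
    first = cas_client_validate(cas, service, ticket)   # "alice"
    replay = cas_client_validate(cas, service, ticket)  # None: ticket already used
    return first, replay
```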
Some CAS alternatives: JOSSO, OpenAM, Pubcookie or CoSign.
Often, you only have password authentication. This is different from your bank card: you need both the card and a PIN: two factors. There are three kinds of factors; two-factor authentication uses two out of these three.
In his case, they used collective.googleauthenticator, a Plone add-on that uses Google’s Authenticator app. And also collective.smsauthenticator. There are alternatives for Django, like django-two-factor-auth.
My name is Reinout van Rees and I work a lot with Python (programming language) and Django (website framework). I live in The Netherlands and I'm happily married to Annie van Rees-Kooiman.