Thread: [limesurvey-developers] Authentication module of Limesurvey 1
From: Md K. I. <ka...@gm...> - 2010-03-26 09:20:49
Hi,

I, Md. Kamrul Islam, am currently pursuing my PhD in Information Technology at Monash University, Australia. I am really interested in working on an open source project and would like to apply for GSoC this year. I have 7 years of experience (taking into account both professional and non-professional experiences) in web programming, especially in PHP. I am familiar with AJAX, CakePHP, JQuery and also have experience in working with databases like MySQL, Oracle, MSSQL.

I am interested in working with the Authentication module of Limesurvey 1. I have been exploring openID for the last few days and hope I'll be able to work on it. I am also working with the Limesurvey 1.87 to get used to it. Hope it will be nice working with such a fantastic open source project and with an extraordinary group of people.

--
Regards,
Md. Kamrul Islam
PhD student
Monash University
From: Thibault Le M. <Thi...@su...> - 2010-03-26 15:01:20
Hi,

Good, this is an interesting project ;-).

Md Kamrul Islam wrote:
> Hi,
>
> I, Md. Kamrul Islam, am currently pursuing my PhD in Information
> Technology at Monash University, Australia. I am really interested in
> working on an open source project and would like to apply for GSoC this year.
> I have 7 years of experience (taking into account both professional and
> non-professional experiences) in web programming, especially in PHP. I
> am familiar with AJAX, CakePHP, JQuery and also have experience in
> working with databases like MySQL, Oracle, MSSQL.

Good, however note that LS1 is not based on CakePHP ;-)

> I am interested in working with the Authentication module of
> Limesurvey 1. I have been exploring openID for the last few days and hope
> I'll be able to work on it. I am also working with the Limesurvey 1.87 to
> get used to it. Hope it will be nice working with such a fantastic
> open source project and with an extraordinary group of people.

Getting used to LS1 is good but having a look at how it is implemented is even more important for this project.

The difficult part will not be to implement openId or CAS or any authentication scheme as we usually are able to find opensource libraries to connect to these authentication backends.

I think the most difficult part will be to design an interface in LS1 that will make it possible to implement _any_kind_ of authentication backends.

For instance, you can consider the following different cases:
1- Case study 1: LS1 authentication is based on a simple User/Password form, and the password (or password hash) is read from the internal (usual) DB or on another Database (such as LDAP when using Ldap as a database and not using ldap-bind).
2- Case study 2: LS1 authentication is based on a simple User/Password form, but the authentication is delegated to a server able to check the password validity: for instance LDAP (when using Ldap-bind authentication), or Radius.
3- Case study 3: LS1 is integrated into another web application which does implement authentication. LS1 authentication is then done simply by checking a value in a given SESSION parameter, or in a GET parameter.
4- Case study 4: LS1 uses the web server Authentication (equivalent of current Web Server Authentication Delegation mode)
5- Case study 5: LS1 authentication uses an external authentication protocol which requires several messages to be exchanged between the authentication server and the client (maybe several forms to be filled). For instance: first screen asks for username, the server replies with a challenge, then the second form asks for the passwords corresponding to the proposed challenge.
6- Case study 6: Authentication is done on a remote web service which generates a service-token for LS1. The user is then redirected to LS1 and provides (either in a cookie or in a GET or POST parameter) the token. LS1 has to check that the token is valid and then grants access to the user. Examples of such authentication protocols are CAS and openId.

Apart from the authentication itself, another important point is authorization. Indeed, authentication only checks that the user is really who he pretends to be, but it doesn't cope with the user rights issue. So once authentication is performed, LS1 needs to know the user rights for this user: the global rights, as well as specific rights on each survey.

The current approach when delegating authentication to the Web server, is to let the authentication module create the new user if it is not already in the LS1 database. It is even possible to assign him user-specific global rights by a "hook" function.

The Authentication interface will have to specify this aspect as well so that any authentication module will be able to populate the LS1 permissions system.
I really encourage you to read the LS1 code and check the following files: usercontrol.php

And read the following page:
http://docs.limesurvey.org/tiki-index.php?page=Optional+settings&structure=English+Instructions+for+LimeSurvey#Authentication

Hope I've helped a little in describing the project,

Regards,
Thibault

> --
> Regards,
> Md. Kamrul Islam
> PhD student
> Monash University
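
One way to shape the interface discussed in the message above, as an added sketch that is not part of the thread and not LimeSurvey code: each backend handles one round of the exchange and reports success, failure or "need more input", which covers single-form checks as well as the challenge exchange of case study 5, and the driver creates a missing local account with default rights on success. All class, function and field names are hypothetical; PHP 8 is assumed.

```php
<?php
// Added sketch (PHP 8+). Every name is hypothetical; this is not LimeSurvey code.
final class AuthResult
{
    const SUCCESS = 'success';      // identity established
    const FAILURE = 'failure';      // attempt rejected
    const NEED_MORE = 'need_more';  // another round is required (case study 5)
    public function __construct(public string $status,
        public ?string $username = null, public array $prompt = []) {}
}

interface AuthBackend
{
    // One round: $input is the submitted data, $state survives between rounds.
    public function step(array $input, array &$state): AuthResult;
}

final class ChallengeBackend implements AuthBackend
{
    public function __construct(private array $secrets) {} // user => shared secret
    public function step(array $input, array &$state): AuthResult
    {
        if (!isset($state['challenge'])) {      // round 1: username only
            $state = ['user' => (string)($input['user'] ?? ''),
                      'challenge' => bin2hex(random_bytes(16))];
            return new AuthResult(AuthResult::NEED_MORE, null, ['challenge' => $state['challenge']]);
        }
        [$user, $challenge] = [$state['user'], $state['challenge']];
        $state = [];                            // a challenge is single-use
        $secret = $this->secrets[$user] ?? random_bytes(32); // unknown user still fails
        $ok = hash_equals(hash_hmac('sha256', $challenge, $secret),
                          (string)($input['response'] ?? ''));
        return new AuthResult($ok ? AuthResult::SUCCESS : AuthResult::FAILURE, $ok ? $user : null);
    }
}

// Driver: on success, create the local account with default rights if missing.
function loginRound(AuthBackend $b, array $input, array &$session,
                    array &$users, callable $defaultRights): AuthResult
{
    $state = $session['auth_state'] ?? [];
    $r = $b->step($input, $state);
    $session['auth_state'] = $state;
    if ($r->status === AuthResult::SUCCESS) {
        $users[$r->username] ??= $defaultRights($r->username); // the "hook"
        $session['user'] = $r->username; // with real sessions: session_regenerate_id(true)
    }
    return $r;
}
```

Call `loginRound()` once per submitted form; on `NEED_MORE`, render the returned `$prompt` and call it again with the next submission.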