Here is an update of what has been going on. This summer I had an internship at one:ten. We did some brainstorming during lunch some times about how we can make a good structure for the website that we won't have to completely rewrite again in 3 years. We would like developers to use any language they want. We also want to allow developers to be able to host their portion of the website on their own servers. However we want to still be able to use the same user name and password for all the sections of the website, and still be able to password protect content. Hugh, Dan, and I have also been discussing this too. How can we allow a lot of flexibility but still keep things united. Here are some technologies that can help us do that:
OpenID:
http://openid.net/about.bml
OpenID aims at consolidating all of your user names and passwords on a single site, so you only need to enter a user name and password on one site, and just a user name on other sites. OpenID has been around since 2005 and is becoming more popular.
Here is a screen cast that demonstrates how it works:
http://video.google.com/videoplay?docid=-7463164786703060643
In our situation, we would have a main core site that acts as the OpenID server, and the developer websites are OpenID consumers. We should be able to change/extend OpenID to make it work completely behind the scenes and hidden to the user.
OAuth:
http://oauth.net/
http://www.openauthentication.org/
http://www.hueniverse.com/hueniverse/2007/09/explaining-oaut.html
OAuth is a way to pass information from one website to another in a secure way. This can allow us to pass directory information, information about what branch/area/division a person is in, etc. This is actually quite new (it came out on Sept. 21st), and I don't know of any websites that have implemented it.
Any thoughts?
Collin