[Building Sakai] OAuth in sakai 2.8, 2.9 etc...PS

csev csev at umich.edu
Fri Feb 3 16:23:11 PST 2012


I will slide the conversation back to the dev list since it is getting interesting :)   Devsters read from the bottom to catch up.

I am still not sure of the picture you are trying to paint here.

LTI does one simple thing and does it very well :)  

It provides a single sign-on so that every Sakai account (shib, internal, external - whatever) is securely sent to an external tool using OAuth in a way that the external tool can trust that the user is who Sakai says they are. It also sends stuff like their name, mail, course, and role.

So each tool needs to learn to receive the LTI (OAuth) launch and set up accounts.

There is no way in the current world for Sakai to accept a redirect or something like that and redirect back.   

But such a thing could be built…   It is not the craziest idea ever.

The question is whether you want something about the course and the user's role or just a simple SSO where you get the user's name.

Hmmmm.

/Chuck

On Feb 3, 2012, at 6:20 PM, George Pipkin wrote:

> OK Chuck - that's an obvious exaggeration.  I don't know "all about", and
> I'm becoming convinced I don't know the "first thing" about it.
> 
> Our situation is this:
> 1) We are using Sakai as our basic LMS
> 
> 2) We have a project called Shanti that has piloted Wordpress,
> Confluence, and NowComment.  These
> three apps can be gotten to from Sakai via
> Linktool, but the requirement is also to get to
> them from Shanti's site without going through Sakai.  The
> catch is that quite often collaborative partners are
> not in our LDAP.  Sakai, as you know, can authenticate these
> people as external-id people.   So it gets kind of complicated with
> all kinds of calls coming into Sakai to see if somebody
> is actually a registered user and what they are a member of etc.
> Shibboleth is also involved in this rather complicated process
> providing the authorizations.
> 
> 3) We are going to ditch Linktool and start using BasicLTI.
> 
> 4) I am wondering if making use of OAuth
> to communicate the authorization might make sense.  As I understand
> it, BasicLTI is for the case where you're launching from Sakai into
> some external app space.  The case I'm describing is basically one
> where Sakai is asked whether an access should be permitted.
> 
> Does this make any sense, and is there anything out there for 2.8...2.9
> that might serve in this role?
> 
> 
>                                        - George
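
What "receiving the LTI (OAuth) launch" means on the tool side, as an added example that is not part of the original thread and is not Sakai's code: the tool recomputes the OAuth 1.0 HMAC-SHA1 signature over the POSTed launch fields with the shared secret, then checks freshness and replay before trusting the user, course and role. The function names, URL, consumer key, secret and all field values are constructed for illustration, and the launch URL is assumed to carry no query string.

```python
import base64, hashlib, hmac, time
from urllib.parse import quote

def _enc(s):
    # OAuth 1.0 percent-encoding: only RFC 3986 unreserved characters stay literal
    return quote(str(s), safe="-._~")

def sign_launch(method, url, params, consumer_secret):
    """HMAC-SHA1 signature over the POSTed form fields (no token secret in LTI)."""
    pairs = sorted((_enc(k), _enc(v)) for k, v in params.items() if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), _enc(url), _enc(normalized)])
    key = (_enc(consumer_secret) + "&").encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def verify_launch(method, url, params, secrets, seen_nonces, now=None, max_skew=300):
    """Return the identity Sakai asserted, or raise ValueError if it can't be trusted."""
    consumer = params.get("oauth_consumer_key")
    if consumer not in secrets:
        raise ValueError("unknown consumer key")
    if params.get("oauth_signature_method") != "HMAC-SHA1":
        raise ValueError("unexpected signature method")
    expected = sign_launch(method, url, params, secrets[consumer])
    supplied = str(params.get("oauth_signature", ""))
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        raise ValueError("bad signature")
    # Freshness and replay checks run only after the signature proves the sender
    ts = str(params.get("oauth_timestamp", ""))
    now = time.time() if now is None else now
    if not ts.isdecimal() or abs(now - int(ts)) > max_skew:
        raise ValueError("stale or missing timestamp")
    nonce = (consumer, params.get("oauth_nonce"))
    if not nonce[1] or nonce in seen_nonces:
        raise ValueError("missing or replayed nonce")
    seen_nonces.add(nonce)
    return {k: params.get(k) for k in ("user_id", "roles", "context_id",
            "lis_person_name_full", "lis_person_contact_email_primary")}

# Constructed sample launch (all values are made up for this example)
URL = "https://tool.example.edu/lti/launch"
SECRETS = {"sakai.example.edu": "constructed-shared-secret"}
LAUNCH = {"lti_message_type": "basic-lti-launch-request", "lti_version": "LTI-1p0",
          "resource_link_id": "site-42-tool-7", "context_id": "site-42",
          "user_id": "ext-guest-0193", "roles": "Learner", "lis_person_name_full": "Pat Example",
          "lis_person_contact_email_primary": "pat@partner.example.org",
          "oauth_consumer_key": "sakai.example.edu", "oauth_nonce": "n-5f1c9a",
          "oauth_timestamp": "1328315000", "oauth_signature_method": "HMAC-SHA1",
          "oauth_version": "1.0"}
LAUNCH["oauth_signature"] = sign_launch("POST", URL, LAUNCH, SECRETS["sakai.example.edu"])
```

Because the role and course fields are covered by the signature, changing `roles` in transit invalidates the launch; the tool creates or maps its local account only from the dictionary `verify_launch` returns.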
