no sq

Open Source Projects Ought to Integrate

Each open source web tool has its own authentication and permission scheme. I don’t want our users to have to remember any more usernames and passwords. What if I’m running a wiki, a CMS, a blog, and a message board? (Yes, I know some CMSs can do several of those categories, but this is just a hypothetical…)

That is five usernames, five passwords, and five times the amount of IT administration that I don’t really have time to do here.

I think open source web applications ought to integrate with one another more.

History

I’m an advocate for using open-source tools at my place of work when the tools provide a good return on investment. Usually this means the tools need to

• meet a business need
• be in a stable and mature development state
• and be documented well enough so that anyone in our IT department can learn it quickly

Many programs meet this need well: PHP, mySQL, Big Brother, etc. These ones are easy to use in a business because once setup there is very little maintenance (apart from security patches) to be done.

Integration in Web Apps

In addition to the above requirements, I would love for web applications to have common

• session data - so that logging in on one system logs you in on all others
• pluggable authentication scheme - plain, MD5, salted MD5, crypt, mySQL, LDAP, etc.
• access control mechanisms - (phpGACL) comes to mind here)

It would also be nice if each app could be themed or at least given a color scheme; this way a common “look and feel” is achieved between each app and users feel they’re constantly on one site instead of five disparate systems.

This would help with * usability (less logins for my users, more consistancy), * administration (only one point of control for user lists) * and security (ditto).

It would also save time - * no new users need to be setup * no new security scheme to be analyzed, understood, and implemented

And in business saving time means saving money.

This boosts the business case for using open source software in a corporation or enterprise. The less “cost” (setup, administration, training, and maintenance) that “free” software has, the more likely it is to be used. And that’s just common sense.

Good Examples

I’ve written about DokuWiki before. Why did I decide on that wiki given so many alternatives? Simple.

• it plays nicely with MS-shop hardware (IIS, W2k3 Server)
• it integrates with LDAP authentication for its security and group access - I’m using all of my existing AD users and groups for authentication and access control
• it allows me to use my own theme so that I can match the rest of my intranet’s look and feel

Yes, I had to do a little bit of PHP hacking to get it working “just right.” But relying on AD instead of a separate user setup is really nice from an IT point of view.

Risks and Caveats

I know: one size does not fit all. Maybe a scheme that everyone adopted would be too heavy-weight for software that wants to be “fast and light.”

Or maybe people are using different database abstraction libraries (PEAR vs. ADODB vs. ADODB Lite) and don’t want to be forced to use another.

And what about different programming languages? Sure, I use a lot of PHP, but maybe your app uses ASP.net and yours uses Ruby and theirs uses Python and…

This is clearly going to be messy. And no corporation is going to trust some other entity (Google, MS, Yahoo, whomever) to store user credentials. (At least not yet.)

Rewards Would be Worth It

User administration and access control are major components of any web app. Couldn’t a lot of work/time, buggy code, and security vulnerabilities be avoided if your web app could at least plug-in to a common system that handles all those tasks for you?

This is open source software. Maybe I should just build it…

Updates

• 2005-11-29: Just found the CAS Project - looks like it is being used by universites to provide a Central Authentication Service especially geared for web services. I haven’t looked too closely at it yet, but it has clients implemented for everything from PHP to Ruby on Rails.