Title: UMA and OpenID Connect Plugins for Apache
It would be so awesome if we (meaning the
citizens of the Internet) had plugins for popular
web servers to make it easier to use OAuth2 to
authenticate a person, and to authorize them to
access certain URLs. The web server plugin is a
tried and true approach to protecting web
resources (both files and APIs) without
requiring a Web programmer to know much about
complex authentication and authorization
protocols. Shibboleth, the most widely adopted
open source SAML platform, uses this approach for
its Shibboleth SP software. According to the
Netcraft survey in April 2013, Apache HTTPD had
54% of the web server market, approximately 341M
servers. Take out Google's 23M servers, and the
number is even higher. It's a good place to
start. To date, open source web server plugins
have delivered on authentication, not
authorization. Large companies can afford to buy
expensive software for authorization from
companies like CA, Oracle and IBM.
These monolithic enterprise software vendors
write web server plugins that use proprietary
protocols to register and communicate with a
central policy server. However, because of their
price, most web developers just do without
central authorization. Thanks to the hard work
of the UMA community, a profile of OAuth2 has
been defined to accomplish authorization. OX has
implemented this standard, enabling organizations
to define their access policies using Java,
Python, or web services. Gluu has agreed to
implement an open source Java client (OXD) that
can be deployed locally on the web server to
handle the OAuth2 messaging. The only piece that
is missing is the plugin to the web
server. This project will actually deliver two
OAuth2 plugins for Apache HTTPD server: (1) a
plugin for OpenID Connect, to handle the OAuth2
authentication, and (2) a plugin for UMA, to
handle the OAuth2 authorization. The design for
the UMA plugin is documented on the OX Project
wiki: http://www.gluu.co/.glcw Gluu has
identified a resource to work on the project. In
his cover letter, he wrote:
"I have been working on writing Apache modules
for a reverse proxy product to provide single
sign functionality. I've worked on projects to
develop 10 custom modules to address the business
needs of our product. I even have working
knowledge of open source Apache modules such as
mod_proxy, mod_proxy_http, mod_cache,
mod_disk_cache etc. and have a thorough
understanding of the APR library and pools." This is
a new funding model for us. We're hoping that
companies and integrators who want to see more
options for open source authentication and
authorization will support the effort. The intent
is to donate the code produced by this effort to
a non-profit, such as the Kantara Foundation, who
could help develop a self-sustaining business
model to fund future upgrades and fixes for the
Apache plugin, and to create plugins for other
web servers like IIS, nginx, or even popular CMS
/ CRM platforms such as WordPress and SugarCRM.
In this way, this project could kickstart a new
development ecosystem which will ultimately make
the Internet a safer place for everyone.
Article Resource: http://gluu.soup.io/post/356330759/UMA-and-OpenID-Connect-Plugins-for-Apache