diff options
Diffstat (limited to 'yuck.mdwn')
-rw-r--r-- | yuck.mdwn | 12 |
1 files changed, 12 insertions, 0 deletions
@@ -16,6 +16,18 @@ Yuck supports the **OAuth2** and **OpenID Connect** protocols, and has an API to allow storing and managing data about end users, applications, and other entities related to authentication. +Yuck is intended to be used by web applications. It is not meant for +authentication Unix or ssh logins or such. Status quo is that web +applications often implement authentication themselves, but it is the +opinion of Yuck's authors that this is a bad architectural design. +Having a dedicated identity provider keeps the security sensitive +parts of authentication in one place, without mixing them with +application logic, results in a more cohesive, less coupled +architecture and implementation that is more easily reviewed and +modified. A separate identity provider also makes it easier to provide +single sign-on for groups of applications, without complicating each +application. + Yuck does not provide any services unrelated to authentication. Other services can work with Yuck to control access to them. |