[wp-edu] identity management integration

[Will Norris]

First a quick introduction:  My name is Will Norris.  Until recently,  
I worked at University of Southern California on enterprise identity  
management.  During that time I was a member of the core development  
team for Shibboleth[0], a web single sign-on package popular in higher  
education.  I now focus primarily on OpenID[1] and maintain the  
WordPress OpenID plugin[2] and a new Shibboleth plugin[3].

At USC, we were well on the way to making it institutional policy that  
any enterprise applications MUST integrate with the university's  
identity management infrastructure.  Depending on the application,  
this typically meant Shibboleth or LDAP.  The level of integration  
varied -- the bare minimum was authentication and authorization to use  
the application (the two are inseparable at USC).  Beyond that  
applications could use the IdM infrastructure for additional user  
attributes, more fine-grained authorization within the application,  
and management of user groups.

I'm particularly interested to hear what integration challenges  
universities have faced with WordPress.  Does your university require  
this integration and to what degree?  What interfaces does your IdM  
system provide -- LDAP, Active Directory, web single sign-on  
(Shibboleth, PubCookie, CAS, CoSign, other)?  How much success have  
you had with this integration?  Did you use publicly available  
plugins, or a home-grown solution?

Thanks,
Will Norris


[0]: http://shibboleth.internet2.edu/
[1]: http://openid.net/
[2]: http://wordpress.org/extend/plugins/openid/
[3]: http://wordpress.org/extend/plugins/shibboleth/