I want to implement a discrete remote authentication server that handles login for many sites. Quite similar to OpenID.
Basically, I have site-1 and site-2, and they both depend on the same user database, which is located on a separate auth site. Thus, auth-site processes user authentication for them, and during this process makes information available to the user requesting authentication to the requesting system.
Each site can be located on a completely separate domain name on completely separate machines.
This is all through HTTP(S); direct access to the database is not possible.
Here is one last quirk: after a user logs on to site-1, when the user accesses any other site that depends on the auth site, that site should treat the user as already verified.
This entire business should be completely useless to the end user. It should work like a simple regular login form.
As a concrete example, let's say we are talking about stackoverflow.com and serverfault.com, and both are authenticated through authentic-overflow-server-stack.com. Again, after logging into either site, I can go to the other and do my business without logging in again.
What I would like to know is the general mechanism of interaction between the sites behind this scenario.
Rails, [1], , . OTOH, , MVC, REST - .
[1]: MIT/BSD- //, .