- It would seem to me that many large enterprises already have robust directory services such as Active Directory and it would be silly to constantly duplicate users in an application-specific store.
- Even if you require duplicating the user store, you can provide a mechanism to authenticate against Active Directory. Alternatively, you could support a standards-based SSO mechanism that leverages SAML.
- Support for the XACML protocol. Duplicating information on roles and entitlements is equally insidious.
- Support for the SPML protocol. Many enterprises leverage identity management toolkits and would at least like out-of-the-box integration in terms of centralized management and provisioning.

So, why aren’t open source projects considering this type of functionality as a default to getting on the radar within an enterprise context?
Lots of reasons, but one of the biggest is that there’s less convergence on what the right or best methods really are than you seem to believe.
Active Directory, for example, is kind of notorious for presenting implementation difficulties to non-Microsoft developers.
There are probably a half dozen competing single-sign-on ‘standards’.
It’s very difficult to reconcile different roles/privileges models — hell, Sun has trouble reconciling the models of Solaris Trusted Extensions with the Java model.
Solving those problems isn’t a lot of ‘fun’ and so FOSS developers are attracted to other issues.