more than interested, I can provide some actual input on this stuff for having
seen many single sign-on systems.
The first question to ask is: what is the exact goal? Are we trying to have
OpenACS users authenticate against an external system? Are we trying to
have the OpenACS system *be* the authoritative user database against
which other systems can authenticate?
In addition, are we looking at mostly username/password schemes, or are we
looking at more intricate cryptographic systems (certificates, etc.)? To some
degree, this matters less, since this can be somewhat abstracted out (but not
completely - you need to define your baseline security assumptions about
what credentials exist out there).
So let's set a simple initial goal. I would vote for looking at
username/password authentication against external systems as a first step.