A Different Approach for the Login Mess

I think that “the web” is now in a bit of a mess with the quantity of logins that we all have to remember.

There are some interesting initiatives:
OpenID
Oauth

And let’s not forget the Microsoft efforts (rumoured to have been snargelled by internal politics)

However we find ourselves continuously looking at these, then going off and doing our own home grown approach.

Our current considered approach is to do a home grown one
https://www.odesk.com/jobs/Preliminaries-for-shop-site-redevelopment-with-Drupal-Ubercart_~~bc378b25c82782e6

There is a central login site (the ClubHouse my.dmclub.net).
customers and dealers can then join groups/buy things, and then will get access to applications in certain sites.
They will be automatically registered on the sites, and when they go there, they will be automatically logged in with a cookie set.

They will not be given the local id or password, they do not want it (contentious stuff?). They can logout at any time using the standard logout.

Should they return to the site, they will be automatically logged in if the cookie is still there. If they come from another “federated site” then they will be logged in from the “federated” session key.