We've been going back and forth over the last year on an integrated authentication/authorization mechanism. We implemented our own LDAP server and built LDAP libraries that have worked but seemed to over complicate the entire authentication process.
In that time, we have also seen the light of the Drupal content management system (I know...it's more than a CMS but people can't usually get their head around "application framework" and it doesn't matter to customers anyway. One of the reasons that we leaned towards Drupal was the integration with LDAP servers. However, we just haven't integrated to our LDAP server at this point because, once again, it seemed like overkill.
Administering the LDAP system was just too much of a pain. Well, it would appear that OpenID addresses the single-signon desire in a very cool, very distributed way that will integrate with many (if not most) of the open source systems we use. Plus, it will be in core Drupal 6. Wahoo!
Powered by ScribeFire.