Authentication / Single Sign On / Yii Rights


I am considering using salesforce as our primary "identity" authentication, which has soap/rest APIs to validate credentials, also can validate existing user sessions with in salesforce. I can do most of this in the authenticate method of UserIdentity. My question for the group is, how might this integrate with Yii::Rights access control module leveraging users/useridentity from salesforce, and roles, tasks, etc from rights for use in the web app?

Thank you in advance!

just the way i’d do this…

use a local table and store the least possible user information that can uniquely identify each user against salesforce and upon authentication match the logged in user to the local user and apply access control & RBAC physically

you can technically do the same thing by calculating an identifier for the user on each login, which should not change through time, but i don’t think this would be an equally “clean” solution