We have a single sign-on (Rails) application along with a client library that other apps use to integrate with it (which provides helpers for checking for accounts and roles as well as RSpec helpers for writing tests that involve logging in without retesting the login/signup flow).
Ah, ok. Do you think it would work okay with a distributed setup, with different apps on different servers, and so on? I'm imagining lots of RPC calls just for authorization. (Like, if the apps do defensive role checking.)