> This has always been a problem with the web.  Not only do you not have
> physical security of the device, you can not even be sure that it is the
> device you are thinking it may be.

Isn't this kind of thing exactly what Kerberos was designed for? It's been a
while since I've muddled with Kerberos so I don't know if there's a clean
way to handle it for a web application. I know there are clients you can
install that will handle the tickets, but I don't know what it would take to
integrate them on the client side with the browser. I think there's a Java
Kerberos implementation. Perhaps a Java applet that handles the tickets for
the initial login might work.

Just rambling.

-Kevin

