On Wed, Aug 31, 2005 at 01:44:25PM +0100, Ian G wrote:

> Not only is there this distance, it is duplicated
> across all languages and all the different auth
> regimes and also for "homegrown" password auth,
> over every application! I'd wonder if given these
> barriers it will ever be possible to get change to
> happen?

At least here, the front-end servers handle a plethora of authentication types including client certificate (so client password in TLS should work too) and the authentication context is then propagated via cookies to the deep stack of applications behind the perimeter servers.

This said, indeed this is a challenge. Any site that can get client certs working can handle variations on the theme; if their authentication happens deep inside the system (say AD Domain controller behind the webservers) it won't work.

--
Victor Duchovni
IT Security, Morgan Stanley

---------------------------------------------------------------------
The Cryptography Mailing List