--On December 3, 2005 8:52:38 PM +0000 Colm MacCarthaigh <[EMAIL PROTECTED]>
wrote:
* A threaded MPM to become the default: I would like mod_cgid
How about making the MPMs DSOable?
* Build upon the aaa framework to do some more useful things. Two
in particular I'd like, but they are awkward and contentious.
First, is that we have a lot of third-party providers coming up
with ways of storing state for authentication via http. Most
often via cookies, but sometimes via url-encoded session ID's
and so on. It's messy and ugly, but ignoring the reality of
One-Time Passwords isn't good either, so it might be justifiable
to come with a framework for a united approach. Making say
mod_authnz_secureid only a small bit of work.
The other thing I think is missing from the aaa framework is
a way for an admin to mandate that aaa happen over an encrypted
session only. Some magic directive that doesn't extend into
per-dir/htaccess land that helps them out a little in making
sure that https is being used.
Huh. Cool. I'd like to hear more about this... -- justin
