On Wed, Jan 16, 2002 at 12:53:17PM -0800, Jeffrey W. Baker wrote: > On Wed, 2002-01-16 at 12:24, James G Smith wrote: > > > There is no standard method of doing single sign-on. When I > > submitted a draft for such a beast to be put in HTTP, the main > > concern was opening up more privacy holes than cookies currently do. > > You don't need to add anything to the protocol because client > certificates already implement a useful single sign-on system.
This is true if client certificates are used -- this wasn't a realistic expectation at the time, nor will it be here for a few more years, most likely. --jim
