back to the *point* WAS: Re: [thesite] UEUE v.0.2 Update

[Mark Nickel]

"Daniel J. Cody" wrote:

> take out about the part regarding m.e.o complexities for now. i know we
> talked about it on the phone, but lets just disregard that 'X factor' :)
>

Actually, the original question has still gone unanswered:  Theoretically, is
it possible to create an Apache handler in Perl/whatever for m.e.o. that would
strip all UEUE-based cookies?

The 'X-factor', I believe, was the reference to the complexities of using UEUE
cookie-based authentication on m.e.o.  Please refresh my addled brain on that
one, Dan??

I would propose that cookie-based authentication is not really "the ideal"
solution for all this...  J2EE and .NET really address the whole Global
Session, Global Authentication problems...  However, cookie-based
authentication *IS* generally "good enough" for our purposes.

My new I.S. motto:  "It doesn't have to be good, just good enough"  I forget
where I read that, but I like it..

J2EE and .NET are going to rely on server-to-server communication to facilitate
the authentication...  Another solution would be to add digital certificates to
everyone's browser who signs up for an account on ueue.evolt.org.  Then we
could build a really kick-ass X.509 certificate handler environment and issue
certificates from ueue.evolt.org.  Plus we could add biometric user
authentication!!  :)  sw33t!!!!

I went to a seminar by a crazy paranoid CSI/FBI guy in Milwaukee.  (There was
another CodeFest person there, unfortunately I can't remember your name...
please please forgive me.. :)   )  Some CA guy made a major plug for their SSO
solution...

Cheers!
Mark
--
"Caution: Cape does not enable user to fly."

-Batman costume warning label