back to the *point* WAS: Re: [thesite] UEUE v.0.2 Update
Daniel J. Cody
djc at members.evolt.org
Wed Nov 7 22:32:06 CST 2001
Mark Nickel wrote:
> Actually, the original question has still gone unanswered: Theoretically, is
> it possible to create an Apache handler in Perl/whatever for m.e.o. that would
> strip all UEUE-based cookies?
to be honest, i'm not sure.. i'll check it out in the morn
> The 'X-factor', I believe, was the reference to the complexities of using UEUE
> cookie-based authentication on m.e.o. Please refresh my addled brain on that
> one, Dan??
that's correct
> could build a really kick-ass X.509 certificate handler environment and issue
> certificates from ueue.evolt.org. Plus we could add biometric user
> authentication!! :) sw33t!!!!
retinal scan based ldap authentication perhaps? just a thought here, but
would a thing like this work at all?:
user goes to dan.evolt.org with X cookie (probably md5'd). dan.evolt.org
grabs cookie, sends it via xml over local signed ssl certs to
ueue.evolt.org. ueue.evolt.org assesses cookie, and sends a 'yes' or
'no' back to dan.evolt.org saying, 'user is cool with these
credentials'. inter-server communication would be xml packets encrypted
via locally signed certs. or better yet, ldap over ssl. just some
thoughts at 10:30 at night after a six pack :)
> I went to a seminar by a crazy paranoid CSI/FBI guy in Milwaukee. (There was
> another CodeFest person there, unfortunately I can't remember your name...
> please please forgive me.. :) ) Some CA guy made a major plug for their SSO
> solution...
ya, greg was telling me about that.. heard the FBI guy pretty much
bashed MS and sent the MS folks scurrying - not to address their
problems but - to find holes in open source packages. "Well he said our
solutions are insecure, but look at how insecure X open source software
is!!!!!!"
wish i coulda been there, sorry for that uncalled for giddiness :)
.djc.
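
The yes/no cookie check sketched in the message above, shown as an added Python example that is not part of the original post or of any evolt.org code. The function names, XML element names and in-memory session store are assumptions, and the certificate-protected link between the two hosts is replaced here by a direct function call.

```python
import hashlib
import secrets
import time
import xml.etree.ElementTree as ET

# Constructed session store on the authenticating host: sha256(cookie) -> (user, expiry).
SESSIONS = {}

def issue_session(user, ttl=3600):
    """Auth host: mint an opaque random cookie value and keep only its hash."""
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    SESSIONS[digest] = (user, time.time() + ttl)
    return token

def build_request(cookie_value):
    """Relying host: wrap the cookie it received in an XML query."""
    root = ET.Element("check")
    ET.SubElement(root, "cookie").text = cookie_value
    return ET.tostring(root)

def handle_request(xml_bytes):
    """Auth host: assess the cookie and answer 'yes' or 'no' (default 'no')."""
    reply = ET.Element("result")
    reply.text = "no"
    try:
        if b"<!DOCTYPE" in xml_bytes:  # refuse DTDs and entity definitions
            raise ValueError("DTD not allowed")
        cookie = ET.fromstring(xml_bytes).findtext("cookie") or ""
        entry = SESSIONS.get(hashlib.sha256(cookie.encode()).hexdigest())
        if entry and entry[1] > time.time():
            reply.text = "yes"
            reply.set("user", entry[0])
    except (ET.ParseError, ValueError):
        pass  # malformed query: the answer stays 'no'
    return ET.tostring(reply)

def is_authenticated(cookie_value, transport=handle_request):
    """Relying host: fail closed unless the reply is a well-formed 'yes'."""
    try:
        answer = ET.fromstring(transport(build_request(cookie_value)))
    except Exception:
        return None  # unreachable host or garbage reply means not logged in
    if answer.tag == "result" and answer.text == "yes":
        return answer.get("user")
    return None
```
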