[thesite] My Intro and a look at a UEUE Proposal

[Mark Nickel]

Joshua Olson wrote:
> authentication effected by dynamic proxies?  With a dynamic proxy a user may
> change IP addresses mid-session.  It seems that such a change would/could
> invalidate a "ticket".

(I think i'm understanding your question...)

Good point.  IP Address validation is another place that UEUE will diverge
from the mod_perl example.  We won't be doing it.  In the details of 
the chapter, they refer to the problems of using an IP address in
any part of a user authentication scheme.  Because of Proxies, it is 
a good idea but in practice to difficult to really use.  "Back in da 
day" of no proxies, it worked great... :)

Pretty much the entire infrastructure is based on the secret key that is 
generated by ueue.evolt.org and replicated to all the child servers, as
well as, the unique keys used to identify each Child Server.  The whole
key thing is similar to the "web of trust" that one builds as they use
GPG/PGP.

Like it said in the documentation, this is the weakest piece of the
infrastructure.  But because it's all centralized, we can focus
significant brainpower and resources on making it really bulletproof.

Thanks for your feedback.

Mark