back to the *point* WAS: Re: [thesite] UEUE v.0.2 Update
Mark Nickel
mnickel at new.rr.com
Wed Nov 7 21:47:37 CST 2001
"Daniel J. Cody" wrote:
> take out about the part regarding m.e.o complexities for now. i know we
> talked about it on the phone, but lets just disregard that 'X factor' :)
>
Actually, the original question has still gone unanswered: Theoretically, is
it possible to create an Apache handler in Perl/whatever for m.e.o. that would
strip all UEUE-based cookies?
The 'X-factor', I believe, was the reference to the complexities of using UEUE
cookie-based authentication on m.e.o. Please refresh my addled brain on that
one, Dan??
I would propose that cookie-based authentication is not really "the ideal"
solution for all this... J2EE and .NET really address the whole Global
Session, Global Authentication problems... However, cookie-based
authentication *IS* generally "good enough" for our purposes.
My new I.S. motto: "It doesn't have to be good, just good enough" I forget
where I read that, but I like it..
J2EE and .NET are going to rely on server-to-server communication to facilitate
the authentication... Another solution would be to add digital certificates to
everyone's browser who signs up for an account on ueue.evolt.org. Then we
could build a really kick-ass X.509 certificate handler environment and issue
certificates from ueue.evolt.org. Plus we could add biometric user
authentication!! :) sw33t!!!!
I went to a seminar by a crazy paranoid CSI/FBI guy in Milwaukee. (There was
another CodeFest person there, unfortunately I can't remember your name...
please please forgive me.. :) ) Some CA guy made a major plug for their SSO
solution...
Cheers!
Mark
--
"Caution: Cape does not enable user to fly."
-Batman costume warning label
More information about the thesite
mailing list