[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Auth]Re: [DotGNU]Authorization and Security
From: |
david nicol |
Subject: |
Re: [Auth]Re: [DotGNU]Authorization and Security |
Date: |
31 Jul 2003 17:03:17 -0500 |
I read the MACS spec recently while casually auditing my various IP,
one of which is the "AIS" project, which is a working web service
for sharing an authentication accross multiple web domains that do
not share cookies due to being at different hosts. A working example
of it is at
http://www.tipjar.com/nettoys/pink/pinkframe.html
which is a crude little tool that serves as an example of AIS
in action.
I recognize an AIS server that uses MACS for the underlying
authentication as an item on my "I wish I had someone to delegate
this to because I don't appear to have the time to do it myself"
category.
I have felt waves of animosity coming from the AUTH list as I have
suggested using AIS instead of other things, but AIS is not competing
with MACS at all, as it serves a different purpose. AIS is for
sharing an authentication context accross web site domains, AND NOTHING
MORE. MACS appears to be a replacement for the password functions of
NIS or LDAP or what-have-you. The fact that Pink makes you do a clunky
e-mail verification is because Challenge-Response is the authentication
method used by the demonstration; the authentication method selected
is orthogonal to the AIS operation (a five step handshake including
a separate back channel between the client service and the AIS server)
and a MACS api front-end would be perfect.
On Sat, 2003-07-19 at 18:45, Mario D.Santana wrote:
> In the last meeting on July 19, 2003, 1600UTC, I agreed to answer
> Mike's very thorough posting on DotGNU Authorization and Security with
> information on how MACS can meet DotGNU's identity needs. I've tried
> to be as thorough in my response, so beware.
> First, some context. MACS is the Modular Access Control System. It's
> a GPL'd Identity Management System with features...
--
David Nicol /