Re: [Auth]Re: [DotGNU]Authorization and Security

[Mario D . Santana]

David,

Excellent!  Auth-sharing between unrelated web sites is something that 
MACS can't do yet.  It's trickier than it sounds, so I'm immensely 
grateful that you've licked it.  Other things that I'll want MACS to do 
includes workflow and audit trail analysis.  These are under 
construction using existing GPL'd projects.  My point: it's *so* nice 
to develop in a Free Software model.  Gives MACS an enormous advantage 
over the predominantly proprietary competition.

On Thursday, July 31, 2003, at 06:03 PM, david nicol wrote:
> http://www.tipjar.com/nettoys/pink/pinkframe.html

Gives "Internal Server Error"  =(

> I recognize an AIS server that uses MACS for the underlying
> authentication as an item on my "I wish I had someone to delegate
> this to because I don't appear to have the time to do it myself"
> category.

If AIS is Free, it sounds like something that goes hand in hand with 
what MACS is all about.  I might like to work with you to integrate the 
two in the near future.  Or given the fact that you've put this in the 
"delegate" bucket, I might like to do it myself.  But I'm racing the 
clock, getting the next release of MACS ready by Monday.  I'll take a 
look at it after Linux World next week.  In any case, it's probably 
easier to change AIS to use MACS than you think...

> I have felt waves of animosity coming from the AUTH list as I have
> suggested using AIS instead of other things

Hmm.  I'm sorry if I helped you form that impression!  I don't remember 
ever hearing about AIS, though back in the day when we were running a 
"horse race" for DotGNU's auth, it might have come up and I just don't 
remember.  Either way, I personally love it when there's competition in 
Free Software, especially if it involves one of my projects.  You 
usually start by stealing code from each other and you often end up 
becoming a single, much better project, one way or another.  And 
because it's Free, whichever project "wins" is as much mine as the 
authors'.

> AIS is for sharing an authentication context accross web site
> domains, AND NOTHING MORE.

This goes hand in hand with what MACS does.  In the past months I've 
learned that there's an emerging new industry for what MACS does, 
called "Identity and Access Management."  An overview would take up 
serious space, but let me point you to http://www.digitalidworld.com/ 
and http://www.medleysoft.com/  (The medleysoft.com site will be 
launched in the next few days.)

> MACS appears to be a replacement for the password functions of
> NIS or LDAP or what-have-you.

You might add "AND MUCH MORE" to that.  ;-)  As I said, I'm on a 
ridiculously tight schedule at the moment.  Let me revisit this when I 
get back from San Francisco.  I'll look at AIS more closely and suggest 
a MACS-ing path.  I fully expect that AIS can fill one of several 
functionality holes in MACS that I'll want to address for the next 
point release.

Cheers!

mds