dotgnu-general
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [DotGNU]Macs and phpGW(was: Distributed Savannah)

From: Gopal.V
Subject: Re: [DotGNU]Macs and phpGW(was: Distributed Savannah)
Date: Fri, 16 Nov 2001 02:51:44 +0530
User-agent: Mutt/1.2.5i 
> macs was designed to be easily plugged into. The whole point of the
> exercise is to allow different authen/author/profile systems to work with
> each other, so writing auc, lmc, upc and atc modules is a snap. macs even 
> has an xml-rpc front-end, so it could be even easier for phpGW than most.

        Everybody seems to talking XMLRPC. I seem to see the webservices 
starting to come towards integration. With MDS and Dan both promising 
XMLRPC support we (or should I say they) may be able to get Macs and 
phpGW to talk to each other. 
> Being the type to put my money (foot?) where my mouth is, I'll be happy
> to contribute these modules once macs is in good working order.
        And moreover both of them seem interested too.
> Not in the current design. I've been thinking about it, though. The 
> session tokens handed out by the AUS really should point back to their 
> AUS of origin. Then AUSes can cross-authenticate each others' sessions.

        This could end-up in a dreadful mess MDS, this may cause a 
malicious cracker to set up his own AUS and cross authenticate 
into any system. We could cross-auth only with a list of trusted 
AUSes. But a better option would be what SSH uses, copy the identity
signature to all trusted machines, for a one logon scheme. Delete it 
and the machine becomes untrusted. ie if I have an identity in AUS A
, and copy it to AUS B, B automatically becomes trusted to A and only
for me . So AUTH token from B will be accepted by A after comparing 
identity signatures in A & B. Tell me if you like this idea ( I am 
great at idea reuse :-). SSH uses an RSA encrypted signature, whose
public key is accesible from the server. (or so I have been led to believe)

        The above article may be used to gain further support against e-patents.
If SSH identity service had been patented, we could not use this idea in
US ( ie so in the non-us debian dir, may be in a non-euro dir too ?).

Ciao
        Gopal.V
-- 
"If you don't succeed at first you *MUST* be a programmer"
                                               -- Anon
 //===<=>===\\
|| GNU RULEZ ||
 \\===<=>===//
reply via email to
[Prev in Thread] Current Thread [Next in Thread]