dotgnu-auth
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Auth]Re: [DotGNU]Authorization and Security


From: david nicol
Subject: Re: [Auth]Re: [DotGNU]Authorization and Security
Date: 31 Jul 2003 17:03:17 -0500

I read the MACS spec recently while casually auditing my various IP,
one of which is the "AIS" project, which is a working web service
for sharing an authentication accross multiple web domains that do
not share cookies due to being at different hosts.  A working example
of it is at 

http://www.tipjar.com/nettoys/pink/pinkframe.html

which is a crude little tool that serves as an example of AIS
in action.

I recognize an AIS server that uses MACS for the underlying
authentication as an item on my "I wish I had someone to delegate
this to because I don't appear to have the time to do it myself"
category.


I have felt waves of animosity coming from the AUTH list as I have
suggested using AIS instead of other things, but AIS is not competing
with MACS at all, as it serves a different purpose.  AIS is for
sharing an authentication context accross web site domains, AND NOTHING
MORE.  MACS appears to be a replacement for the password functions of
NIS or LDAP or what-have-you.  The fact that Pink makes you do a clunky
e-mail verification is because Challenge-Response is the authentication
method used by the demonstration; the authentication method selected
is orthogonal to the AIS operation (a five step handshake including
a separate back channel between the client service and the AIS server)
and a MACS api front-end would be perfect.


On Sat, 2003-07-19 at 18:45, Mario D.Santana wrote:

> In the last meeting on July 19, 2003, 1600UTC, I agreed to answer  
> Mike's very thorough posting on DotGNU Authorization and Security with  
> information on how MACS can meet DotGNU's identity needs.  I've tried  
> to be as thorough in my response, so beware.

> First, some context.  MACS is the Modular Access Control System.  It's  
> a GPL'd Identity Management System with features...

-- 
David Nicol /




reply via email to

[Prev in Thread] Current Thread [Next in Thread]