Re: External Auth

From: George Michaelson <[email protected]>
Date: Thu, 19 Nov 1998 09:07:54 +1000

  Client IP makes sense, but URL doesn't.
  
  The purpose of the authenticator is to validate who the user
  is, not if he has access to a given URL or not.
 
Um.. Are you saying "you don't perceive it as useful" or are you saying
"it cannot work" because they are not the same thing at *all*

It is (to me at least) tenable to suggest that if you have a tuple of
        {user,password,client-ip,URL}

and you have decided you can live with the delay of an IPC to an external
auth process, the added delay to do some hash on client-ip and URL to derive
a complete "this person, *FROM THIS LOCATION* can get this data" outcome.

cheers

-George

--
George Michaelson         |  DSTC Pty Ltd
Email: ggm@dstc.edu.au    |  University of Qld 4072
Phone: +61 7 3365 4310    |  Australia
  Fax: +61 7 3365 4311    |  http://www.dstc.edu.au
Received on Wed Nov 18 1998 - 16:03:29 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:43:09 MST