[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Auth]Project discussion
From: |
Nick Lothian |
Subject: |
RE: [Auth]Project discussion |
Date: |
Mon, 16 Jul 2001 10:49:13 +0930 |
> On Mon, Jul 16, 2001 at 09:45:36AM +0930, Nick Lothian wrote:
> > I don't think an architecture relying on browser plugins or
> any special
> > client side software is going to work.
>
> And any architecture that doesn't require trusted client-side software
> makes it impossible to implement a scheme that doesn't entirely trust
> J. Random Website with your secret key, but instead permits a trusted
> third party to mutually authenticate client and server, a la Kerberos.
>
Not unless the authentication is actually done on the passport/Auth.GNU
site, and then the browser sent back to the site that requires
authentication.
nick