W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1996

Authentication issue

From: Sam Narang <samn@ilx.com>
Date: Thu, 1 Aug 1996 10:10:48 -0400 (EDT)
Message-Id: <199608011410.AA18886@kishore.devo.ilx.com>
To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
My company is building an intranet product for the financial industry. Our
financial exchanges requires the product to pass some strict rules which prompted
me to ask the following question:

-How to properly authenticate the user? A user name/password is not enough. If
 we provide a cookie machanism, what stops the user to pass along the cookie
 file to another user?

-What is the best method to limit users to a single login, that is, if a user is
 logged in once to access our service, how to reject a second attempt from 
 another machine? In a proxy world, identifying by the IP/Socket address will 
 not help.
 
Any help will be highly appreciated.
----------------------------------------------------------------------
Sam Narang            ILX Systems Inc.            212-720-3140
email: samn@ilx.com   111 Fulton Street		  212-312-2983 (fax)
                      New York, NY  10038
----------------------------------------------------------------------
Received on Thursday, 1 August 1996 07:16:53 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:05 EDT