W3C home > Mailing lists > Public > www-talk@w3.org > March to April 1999

Re: User credential passing standard

From: Neil Gulati <ngulati@scu.edu.au>
Date: Mon, 26 Apr 1999 19:52:38 -0400 (EDT)
Message-Id: <199904262352.JAA27522@cyclops.scu.edu.au>
To: www-talk@w3.org
www-talk-d Digest				Volume 99 : Issue 12
Re: User credential passing standard

No doubt I am showing my ignorance, so tell me to shut up if I am just butting in, but surely 
kerberos offers a SSO credential passing system that is extendable accross domains? All you 
need is a cookie naming convention so clients can cache their credentials from any particular 
server on a known cookie on their own machine?

Anil
anilg@geocities.com
ngulati@scu.edu.au
________________________________________________________________________________

>   You didn't mention if the servers are in the same Domain.  If they are then
> using a combination of Domain cookies and a common authentication server to
> your
> servers would probably do the trick.  Digest authentication is better but
> as people have already stated, it ain't there yet.  Are you worried about
> session timouts, single signon, access control and simplified administration?
> You might want to look at a commercial SSO system for web servers.

I am developing a commercial SSO system of sorts. I just want to plan for
some level of interopability.

And I guess the servers I have in mind are in the same domain. But I would
think that the user credential "data" would be the same in either case. I
am less interested in "how" this data would be passed in these two cases.

________________________________________________________________________________
Neil (Anil) Gulati
ngulati@scu.edu.au

Unix Systems
Information Technology Directorate
Southern Cross University
Northern Rivers NSW Australia
Received on Tuesday, 27 April 1999 14:05:28 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 27 October 2010 18:14:24 GMT