- From: Sam Narang <samn@ilx.com>
- Date: Thu, 1 Aug 1996 10:10:48 -0400 (EDT)
- To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
My company is building an intranet product for the financial industry. Our
financial exchanges require the product to pass some strict rules, which prompted
me to ask the following questions:
- How to properly authenticate the user? A user name/password is not enough. If
we provide a cookie mechanism, what stops the user from passing along the cookie
file to another user?
- What is the best method to limit users to a single login, that is, if a user is
logged in once to access our service, how to reject a second attempt from
another machine? In a proxy world, identifying by the IP/Socket address will
not help.
Any help will be highly appreciated.
----------------------------------------------------------------------
Sam Narang ILX Systems Inc. 212-720-3140
email: samn@ilx.com 111 Fulton Street 212-312-2983 (fax)
New York, NY 10038
----------------------------------------------------------------------
Received on Thursday, 1 August 1996 07:16:53 UTC