ticket based authentication

 From the response, it would seem some form of third-party 
authentication may be desired and useful, but no clear concensus 
on how best to go about it.  I don't have an answer to that, but 
I have put my thoughts together in the form of a draft, which 
should appear sometime as 


Until it is posted on the IETF site, it is available from my
own workstation at 


I already have a correction for it -- the expiration time should 
be in GMT (section 2.2).

An issue that is not addressed is how to indicate that the client
should abandon the authentication process and discard the pending
request awaiting credentials.  The authentication process MUST
indicate one and only one of success or abandonment.  When in doubt,
the client may abandon the process?  This could be the case if
the client becomes confused as to what is going on.
James Smith <JGSmith@TAMU.Edu>, 409-862-3725
Texas A&M CIS Operating Systems Group, Unix

Received on Wednesday, 9 August 2000 14:46:52 UTC