-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The problem that I see is the the public workstation is "not secure" ~ and having the community carry "secure eletronic ID" would cost too much to impliment. This would rule out public key systems, so the login ID and password is the best for this semi secure enviroment. I would like a system that has fine grain Access Control per user. I was thinking about using kerberos different services for the access control. | | Leading contenders for protocols, open or otherwise, would be: | | * SSL/X.509: the VeriSign/CA solution. You don't have to use | VeriSign certs; you can be your own CA instead. Vendors include | people like Entrust, Baltimore, RSA, BBN, and Schlumberge. ~ I am using OpenCA and testing it now. This would require each member of the community to carry an eletronic ID and each computer to have a ID reader. | | * SSH: doesn't have a PKI built into it, which is why it scales down | so well. But that doesn't stop you from setting up a PKI. However, | there is no open standard for SSH PKI. SSH would offer the security but not the fine grain access | | * Liberty Alliance (guarded skepticizm) I looked at the spec. The security stuff is VERY VERBOSE. it takes 2K of XML security text just to send one small piece of information. I am still studying it. It is based on OASIS SAML. It may be OK for heavy weight security and longer session but for quick lightweight sessions its big. | | * Microsoft Passport (abject terror :) EVIL -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9Nkq4n6I06Opz+XURAoVSAKCs89z70G7sCwZRVm1KEL//etXPewCfW/aX b76m+G4ooDDZuGENSKfb5Y8= =sNnS -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Wed Jul 17 2002 - 23:10:39 PDT