Hi folk, just hoping to provoke some thoughts here... over in squid-users we had a recent discussion which lead to the semi-layout of the mechanisms the OS/platform needs to offer to browsers for them to provide end-end secure single sign on. Both Henrik and I posted rough descriptions... A good entry to the thread http://www.squid-cache.org/mail-archive/squid-users/200307/0452.html http://www.squid-cache.org/mail-archive/squid-users/200307/0468.html is my -rough- sketch of what is needed by a browser to do SSO to a web proxy for Digest and Basic/SSL authentication. http://www.squid-cache.org/mail-archive/squid-users/200307/0470.html and http://www.squid-cache.org/mail-archive/squid-users/200307/0474.html are henriks notes. (We both posted without seeing the others until after-posting I think). Anyway, Jeff Waugh suggested that this list would be the best one to get the ball rolling on the platform end, to offer the end user services. Once the API is available, browser support can be added, and directory service support (as plugins to the platform I guess) for different directories. Having single sign-on for web access - both proxies and web servers - would be really cool for the unix world, so I hope this fires some imagination... Oh, and I stand by my offer in that thread - I'll put the necessary glue in squid to support md5-sess for browsers, when the framework for SSO comes together.. Cheers, Rob -- GPG key available at: <http://members.aardvark.net.au/lifeless/keys.txt>.
Attachment:
signature.asc
Description: This is a digitally signed message part