[Evolution] Re: [discuss] Scope of GNU GLUE project [WWW Link]



On Fri, 9 Feb 2001, Michael Gerdts wrote:

On Fri, Feb 09, 2001 at 04:57:34PM +0000, Sander Vesik wrote:
BTW, what would be the security and session model when using XML-RPC?


good question 8-)

My I humbly suggest GSS-API?  This already exists on many OS's, is a
required component of NFS4, and is already well defined in RFC's
1964, 2025, 2203, 2478, 2479, 2623.  The nice thing about this is that it
allows you to integrate it with your enterprise's security system, whatever
it may be (UNIX authentication, Kerberos, X.509, etc).  It takes care of
both authentication and encryption of data.

In other words, it would not be redundant work, and it would reduce
redundant work in the future.


I'm a bit reluctant to admit GSS-API into it all as a 'mandatory' or core
part. The core should be toptally usable with no crypto. In this day and
age, it does have it's advantages. 

Not that I am overly sure at this point where XML-RPC precicely fits in...


Mike


        Sander

One day a tortoise will learn to fly
        -- Terry Pratchett, 'Small Gods'





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]