Is Kerberos a good solution for web-single signon
kevin mcgowan
clunis at umich.edu
Sat Mar 13 09:18:41 EST 2004
Other WebISO systems that might be of interest:
a-select: http://a-select.surfnet.nl/
cas: http://www.yale.edu/tp/auth/
cosign: http://weblogin.org/
You should probably also see the WebISO (web initial sign-on) group at
Internet2:
http://middleware.internet2.edu/webiso/
I should admit that, as a co-author of cosign, I'm rather biased, but
you really should look at all of these systems closely before choosing
one and particularly before choosing to write yet another one.
Kevin
On Mar 12, 2004, at 7:58 PM, Christopher Kranz wrote:
> I was wondering the same thing. In fact I started a simular thread a
> little while ago. The short answer is no, not really. And the reason
> is, HTTP is a stateless protocol. You would need to generate a new
> authenticator for each and every connection. Kerberos kind of assumes
> that once a session is started the connection is persistant.
>
> See UWash's pubcookie (http://www.pubcookie.org/) or Stanford's
> WebAuth (http://webauthv3.stanford.edu/) for examples of WebISO
> solutions.
>
... "In, as you say, the mud." ...
More information about the Kerberos
mailing list