Kerberized authorization service
John Hascall
john at iastate.edu
Mon Feb 11 13:11:26 EST 2008
Russ Allbery <rra at stanford.edu> writes:
> Stanford currently very much loses on this, in a wide variety of ways. We
> really only have one authorization system that copes correctly with role
> status changes (provided that it's used properly), and it only knows how
> to talk to the financial system and isn't (currently) usable as a general
> authorization solution. There is some active work in the Internet2 arena
> on this, but not to the point where I think people are deploying it.
The problem with the Internet2's work in this area
(i.e., Signet and Grouper) is that
they seem like they've never met a problem
that they didn't think the answer to it was:
while (problem) {
Throw the most complicated XML and Java possible at it.
}
(And they forgot to catch deathByBloatAndComplexityException)
John
More information about the Kerberos
mailing list