Just my two pence worth.
I havn't followed the discussion in great detail and I know nothing about
the issues of authorization. However, I know I would definitely feel better
about any solution that used schemes (like Kerberos) that were already in
(wide) use. The advantages should be obvious.
On that theme, has any consideration been given to several RFC's that were
recently posted relating to distributed security/authentication:
RFC 1507 - Distributed Authentication Security Service
RFC 1508 - Generic Security Service Application Program Interface
RFC 1509 - Generic Security Service API : C-bindings
(RFC 1510 is for Kerberos v5).
I havn't read them - no time. I just thought they might be useful.
Steve.
------------------------------------------------------------------------
Steven Heaney
Schlumberger Geco-Prakla
Internet: [email protected]
------------------------------------------------------------------------