3815 Re: [decentralization] De-centralizing single sign on.
- Sep 2, 2001
At 7:52 AM +0100 9/2/01, Julian Bond wrote:
>What if the registration form or sign on form had three fields
>3) get my preferences from this URL
>The site could then use XML-RPC, SOAP or such like to connect to that
>URL, validate the id and password and return a set of preferences/basic

A malicious site could also store your user ID, password, and
preferences URL and subsequently use your identity.

Single sign-on needs a system where you authenticate to your
authentication provider, provide other parties with an authentication
token of some sort, and have your provider validate that token.
(This is the Kerberos model.)
I've been wondering if this might be possible with cookies somehow;
the problem is that cookies only get sent to the site that set the
Chris Hanson <cmh@...>
bDistributed.com: Making Business Distributed
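
The token model described in the message above, sketched as an added example (not part of the original post, and not code from Kerberos or any other system it names). The `Provider` class, the site names and the sample account are constructed; binding each token to one site, one use and a 60-second lifetime are assumptions that go beyond what the message states, and they are what keep a site that receives a token from reusing the identity elsewhere.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 60  # seconds; assumed token lifetime for this sketch


class Provider:
    """Hypothetical authentication provider: the only party that sees passwords."""

    def __init__(self, users):
        # Constructed sample accounts; only salted password hashes are kept.
        self._users = {}
        for name, password in users.items():
            salt = secrets.token_bytes(16)
            self._users[name] = (salt, self._hash(password, salt))
        self._tokens = {}  # token -> (user, audience, expiry)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def login(self, user, password, audience, now=None):
        """User authenticates to the provider and gets a token for one site."""
        now = time.time() if now is None else now
        record = self._users.get(user)
        if record is None:
            return None
        salt, stored = record
        if not hmac.compare_digest(stored, self._hash(password, salt)):
            return None
        token = secrets.token_urlsafe(32)  # opaque, unguessable, reveals nothing
        self._tokens[token] = (user, audience, now + TOKEN_TTL)
        return token

    def validate(self, token, audience, now=None):
        """Called by a site: returns the user name, or None for a bad token."""
        now = time.time() if now is None else now
        entry = self._tokens.pop(token, None)  # pop: each token works only once
        if entry is None:
            return None
        user, bound_to, expiry = entry
        if bound_to != audience or now > expiry:
            return None  # minted for another site, or expired
        return user
```

The relying site only ever handles the token, so what it can store is limited to a value that is already spent or that the provider will refuse for any other site.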