Authentication and authorisation

"Peter Lister, Cranfield Computer Centre" <P.Lister@cranfield.ac.uk>
Errors-To: listmaster@www0.cern.ch
Date: Fri, 11 Mar 1994 14:21:07 --100
Message-id: <9403111304.AA02681@xdm039.ccc.cranfield.ac.uk>
Reply-To: P.Lister@cranfield.ac.uk
Originator: www-talk@info.cern.ch
Sender: www-talk@www0.cern.ch
Precedence: bulk
From: "Peter Lister, Cranfield Computer Centre" <P.Lister@cranfield.ac.uk>
To: Multiple recipients of list <www-talk@www0.cern.ch>
Subject: Authentication and authorisation
X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas
X-Mailer: exmh version 1.3beta 2/17/94
Content-Length: 872
Let's also remember that in network terms, Kerberos authenticates a client and 
server to each other, but says nothing about authorisation, i.e. what you do 
or don't do for a person once you know you really are talking to them.

It seems reasonable that a CGI script should know who it's talking to and 
how they got authenticated. There is nothing to prevent a server performing an 
initial level of access control when it decides whether to start the 
script (or indeed which script to start), but the script itself should be able 
to make its own decisions, as well as using the info.

Peter Lister                             Email: p.lister@cranfield.ac.uk
Computer Centre, Cranfield University    Voice: +44 234 754200 ext 2828
Cranfield, Bedfordshire MK43 0AL UK        Fax: +44 234 750875
--- Go stick your head in a pig.  (R) Sirius Cybernetics Corporation ---
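
The split described in the message above, as an added example that is not part of the original post: the server authenticates and passes the result to the script, and the script makes its own authorisation decision from both the identity and the method used. It assumes the server sets the standard CGI variables REMOTE_USER and AUTH_TYPE; the policy table, user names, action names and the "Kerberos" scheme label are constructed for illustration.

```python
import os
import sys

# Constructed policy: action -> (users allowed, auth schemes considered strong enough).
POLICY = {
    "read_report": ({"alice", "bob"}, {"basic", "kerberos"}),
    "edit_report": ({"alice"}, {"kerberos"}),
}


def authorise(environ, action):
    """Decide whether the authenticated caller may perform `action`.

    Authentication already happened in the server; this function only reads
    the result (who, and by which method) and applies the script's own rules.
    Anything not explicitly allowed is denied.
    """
    user = environ.get("REMOTE_USER", "")
    scheme = environ.get("AUTH_TYPE", "").lower()  # scheme names are case-insensitive
    if not user or not scheme:
        return False, "unauthenticated"
    rule = POLICY.get(action)
    if rule is None:
        return False, "unknown action"
    allowed_users, allowed_schemes = rule
    if scheme not in allowed_schemes:
        # Identity is known, but the way it was proven is too weak for this action.
        return False, "authentication method too weak"
    if user not in allowed_users:
        return False, "user not permitted"
    return True, "ok"


def respond(environ, action):
    """Build the CGI response; the requested action is never echoed back."""
    allowed, reason = authorise(environ, action)
    status = "200 OK" if allowed else "403 Forbidden"
    return f"Status: {status}\r\nContent-Type: text/plain\r\n\r\n{reason}\n"


if __name__ == "__main__":
    # Run by the web server as a CGI script; the action comes from the query string.
    sys.stdout.write(respond(os.environ, os.environ.get("QUERY_STRING", "")))
```
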