Authentication and authorisation
"Peter Lister, Cranfield Computer Centre" <P.Lister@cranfield.ac.uk>
Errors-To: listmaster@www0.cern.ch
Date: Fri, 11 Mar 1994 14:21:07 --100
Message-id: <9403111304.AA02681@xdm039.ccc.cranfield.ac.uk>
Errors-To: listmaster@www0.cern.ch
Reply-To: P.Lister@cranfield.ac.uk
Originator: www-talk@info.cern.ch
Sender: www-talk@www0.cern.ch
Precedence: bulk
From: "Peter Lister, Cranfield Computer Centre" <P.Lister@cranfield.ac.uk>
To: Multiple recipients of list <www-talk@www0.cern.ch>
Subject: Authentication and authorisation
X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas
X-Mailer: exmh version 1.3beta 2/17/94
X-Mailer: exmh version 1.3beta 2/17/94
X-Mailer: exmh version 1.3beta 2/17/94
X-Mailer: exmh version 1.3beta 2/17/94
X-Mailer: exmh version 1.3beta 2/17/94
Content-Length: 872
Lets also remember that in network terms, Kerberos authenticates a client and
server to each other, but says nothing about authorisation, i.e. what you do
or don't do for a person once you know you really are talking to them.
It seems reasonable that a CGI script should be know who it's talking to and
how they got authenticated. There is nothing to prevent a server performing an
initial level of access control when it decides whether to the start the
script (or indeed which script to start), but the script itself be able to
make it's own decisions, as well as using the info.
Peter Lister Email: p.lister@cranfield.ac.uk
Computer Centre, Cranfield University Voice: +44 234 754200 ext 2828
Cranfield, Bedfordshire MK43 0AL UK Fax: +44 234 750875
--- Go stick your head in a pig. (R) Sirius Cybernetics Corporation ---