On 2015-02-06 17:11, Tom Boutell wrote: > One of the key differences between Cosign and CAS seems to be the > implementation of separate SSL certificates for Cosign's back-channel. > I'm curious what the improvement in security is there. It could be > left over from the era when the public sites might not be using https, > or it could have a larger benefit that just isn't clear to me yet.
What Liam said: on virtually all of our web servers we use the same certificate for connecting to the central weblogin servers that we use for HTTPS. As for the improvement to security, the certificates are needed to be sure that the client web server is talking to the real central weblogin servers, that there is no man in the middle eavesdropping on or modifying the traffic, and so that the central weblogin servers know that they are talking to a legitimate client web server belonging to the institution rather than random machines. -- Mark Montague m...@catseye.org ------------------------------------------------------------------------------ Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ Cosign-discuss mailing list Cosign-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/cosign-discuss