> Finally, I don't think this should be part of the security JIG. Security > and authentication are two different things. Security is about ensuring
Actually, I disagree - in fact, we're having discussions about these very things on security-jig. You're right, ONE of the things security is about is ensuring that crackers can't take control of a server. But, Security is also about avoiding man-in-middle attacks, as well as ensuring that you're talking to the server and the user that you really think you are. This is done using strong authentication; and from authentication, we can tell what resources users are authorized to use (hence authorization). In the security-jig we are discussing the use of PKI digital signatures as well as cryptography in Jabber, and part of this is authentication or authorization. In any case, if you're working on authentication/authorization, you should be reading the security-jig so that we all don't duplicate work or go off in different directions for the same goals. --J ---- This message sent by Josh from Capital University! The shortest distance between two points is a hilly, curvy road... ---- _______________________________________________ jdev mailing list [EMAIL PROTECTED] http://mailman.jabber.org/listinfo/jdev
