Hi Dan,
On 07/27/2011 02:11 PM, Dan Wells wrote:
The first big decision is this: does the client need to learn new
> authentication techniques, or do all negotiations happen via a proxy?
> Despite our current authentication protocol being partially handled
> client-side, I think, ultimately, authentication via proxy will cover
> the vast majority of cases in a much more doable way. The current
> native authentication has an advantage of being usable over insecure
connections,
> but I cannot see that working out for many other protocols, if any,
so is it
> worth the trouble?
Well, if one *doesn't* need to delegate authentication outside of
Evergreen, being able to authenticate securely over insecure connections
is rather nice. I'd hate to see that option be lost just because many
potential sources of external authentication can't support the native
authentication dance. If we go with your proposal (over say, Mike's
proposal -- and I'd be curious to hear what you think of it and how it
compares with what you've proposed), I do think it should be adapted so
that the existing mechanism can be retained.
Regards,
Galen
--
Galen Charlton
Director of Support and Implementation
Equinox Software, Inc. / Your Library's Guide to Open Source
email: [email protected]
direct: +1 770-709-5581
cell: +1 404-984-4366
skype: gmcharlt
web: http://www.esilibrary.com/
Supporting Koha and Evergreen: http://koha-community.org &
http://evergreen-ils.org
