Background:
We have been looking at ways to make single sign on (in summary, the user
authenticates themselves once - or at least as little as possible by as few
means as possible) more of a reality.
One of the areas that is of interest to us is external Web Services -
typically in our environment electronic journals - that require password
(as opposed to IP) authentication.

Idea:
Squid has proxy authentication - so it is possible to authenticate people at
Squid.
Squid does some header rewriting - both via redirector and the anonymiser.
So it would be nice to use proxy-auth info to derive the authorisation info
for particular sites - this could be selected by an acl type mechanism - an
external program would then take, say, a username password pair and
return OK plus authorisation info OR ERR, in similar fashion to the proxy auth
mechanism.

Questions:
A: presumably Squid cannot do this right now?
B: would people find such a mechanism useful?
C: are there any fatal flaws in this scheme?
D: would it be easy to implement in Squid - if so might have a go myself ...?
--
-----------------------------------------------------------------------------
| Peter Polkinghorne, Computer Centre, Brunel University, Uxbridge, UB8 3PH,|
| [EMAIL PROTECTED] +44 1895 274000 x2561 UK |
-----------------------------------------------------------------------------
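
The helper proposed in the message above, sketched as an added example that is not part of the original post and not Squid code. The request line format (`<site> <user> <password>`, URL-encoded), the `OK Basic <token>` reply, the function name `handle_line` and all hosts, users and secrets are assumptions constructed for illustration. It releases a site credential only for an exact host match and only to proxy users on that site's allow list.

```python
import base64
import hmac
import sys
from urllib.parse import unquote

# Constructed proxy user database; a real helper would query LDAP, PAM, etc.
PROXY_USERS = {"alice": "wonderland", "bob": "builder"}

# Constructed mapping: site -> shared site credential and who may use it.
SITE_CREDENTIALS = {
    "journals.example.org": {
        "user": "site-licence",
        "password": "constructed-secret",
        "allowed": {"alice"},
    },
}

def handle_line(line: str) -> str:
    """Map one '<site> <user> <password>' request to 'OK Basic <token>' or 'ERR'."""
    parts = line.strip().split(" ")
    if len(parts) != 3:
        return "ERR"  # malformed input never yields a credential
    site, user, password = (unquote(p) for p in parts)
    site = site.lower().rstrip(".")

    # Step 1: verify the proxy credentials (constant-time comparison).
    expected = PROXY_USERS.get(user)
    if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
        return "ERR"

    # Step 2: exact host match only, so a look-alike or sub-domain host
    # cannot obtain the credential of the real site.
    entry = SITE_CREDENTIALS.get(site)
    if entry is None or user not in entry["allowed"]:
        return "ERR"

    # Step 3: hand back the site's credential, never the user's proxy password.
    token = base64.b64encode(f"{entry['user']}:{entry['password']}".encode()).decode()
    return f"OK Basic {token}"

def main() -> None:
    # One request per line on stdin, one reply per line on stdout.
    for line in sys.stdin:
        print(handle_line(line), flush=True)

if __name__ == "__main__":
    main()
```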