> Does the thrift user have to build all the user authentication into
> the protocol? It seems like there should be some standard, reliable,
> vetted mechanism that could be layered into Thrift.
Sending a username and password over an SSL connection is a very common pattern. It is difficult for Thrift to do "everything" here, because Thrift doesn't have access to whatever the backing database is that stores the usernames and passwords. If you are looking for something that uses the username and password as the only forms of authentication (in lieu of certificates), then you should investigate TLS-SRP (http://en.wikipedia.org/wiki/TLS-SRP). You would likely need to create a new transport class to wrap TLS-SRP.
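
The username-and-password pattern described in the reply above, as an added example that is not part of the original post or of Thrift itself: the credential check lives in the service handler because only the application can reach the user database. The service shape (`login`, `whoami`), the `CredentialStore` class, and the PBKDF2 and session settings are assumptions made for illustration, and the connection is assumed to be wrapped in SSL already.

```python
import hashlib
import hmac
import secrets
import time

PBKDF2_ITERATIONS = 200_000   # assumption: tune for your hardware
TOKEN_TTL_SECONDS = 900       # assumption: 15-minute sessions

class AuthError(Exception):
    """Would be declared as an exception in the (hypothetical) Thrift IDL."""

class CredentialStore:
    """Stand-in for the application's user database, which Thrift cannot see."""
    def __init__(self):
        self._users = {}  # username -> (salt, derived key); never the password

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)

    def add_user(self, username, password):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, self._derive(password, salt))

    def verify(self, username, password):
        # Unknown users still cost one derivation, so timing does not reveal them.
        salt, expected = self._users.get(username, (b"\0" * 16, b"\0" * 32))
        matches = hmac.compare_digest(self._derive(password, salt), expected)
        return matches and username in self._users

class AccountHandler:
    """Handler for a hypothetical service with login() and whoami() methods."""
    def __init__(self, store, clock=time.monotonic):
        self._store, self._clock, self._sessions = store, clock, {}

    def login(self, username, password):
        if not self._store.verify(username, password):
            raise AuthError("invalid credentials")
        token = secrets.token_urlsafe(32)  # opaque session token for later calls
        self._sessions[token] = (username, self._clock() + TOKEN_TTL_SECONDS)
        return token

    def whoami(self, token):
        # Every authenticated method starts with this token check.
        username, expires = self._sessions.get(token, (None, 0.0))
        if username is None or self._clock() >= expires:
            self._sessions.pop(token, None)
            raise AuthError("not authenticated")
        return username
```

The password crosses the wire once, in `login`; later calls carry only the token, which expires server-side.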
