Re: [DotGNU]Token System Specs
From: Barry Fitzgerald
Subject: Re: [DotGNU]Token System Specs
Date: Fri, 20 Jul 2001 00:33:25 -0400
Jeremy Petzold wrote:
>
> Barry,
>
> I read the token specs, very nice :)
> one thing, does the client system have a way to verify
> that it actually sent the rls like a watermark that it
> had attached to the rls that returns to it when the
> query happens? if not I think that it would be
> important to have so that a script kiddie, doing a
> portscan on Aunt Bea's computer, can't send a bogus
> query for information, even if it is her lowest
> security priority like favorite color, it's no one's
> business but hers and the people she authorizes.
>
> -Jeremy
Why thank you :)
Well, the tokens will have to be encapsulated in some form of transport
protocol. The obvious choice is TCP/IP and HTTP. However, perhaps we
can extend this and have something akin to a PKI certificate system in
place to ensure that this works, even going so far as to have encrypted
keys with a request number embedded inside of them.
-Barry
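
The watermark and embedded request number discussed in this exchange, sketched as an added example (not part of the original messages and not DotGNU code): the client tags each rls it sends with an HMAC over the request number and the rls, and answers a query only if that tag comes back intact. The class name, field names, the sample rls string, HMAC-SHA256 as the watermark, and the one-time-use rule are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class RlsIssuer:
    """Client side: watermarks each rls it sends and checks queries that return."""

    def __init__(self, key=None):
        # Secret known only to the client; never sent with the rls.
        self._key = key or secrets.token_bytes(32)
        self._next_request = 1
        self._outstanding = {}  # request number -> rls still awaiting a query

    def _tag(self, request_no, rls):
        msg = f"{request_no}|{rls}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, rls):
        """Return the rls together with its request number and watermark."""
        n = self._next_request
        self._next_request += 1
        self._outstanding[n] = rls
        return {"rls": rls, "request_no": n, "watermark": self._tag(n, rls)}

    def verify_query(self, query):
        """True only for a query carrying a watermark this client issued."""
        try:
            n, rls, mark = query["request_no"], query["rls"], query["watermark"]
        except (KeyError, TypeError):
            return False  # bogus query with no watermark at all
        if not (isinstance(n, int) and isinstance(rls, str) and isinstance(mark, str)):
            return False
        expected = self._tag(n, rls)
        # Constant-time comparison on bytes avoids leaking how much matched.
        if not hmac.compare_digest(mark.encode(), expected.encode()):
            return False
        # Assumption: each request number is honoured once, so replays fail.
        return self._outstanding.pop(n, None) == rls


if __name__ == "__main__":
    client = RlsIssuer()
    sent = client.issue("profile/favorite-color")  # constructed sample rls
    print(client.verify_query({"rls": "profile/favorite-color"}))  # no watermark
    print(client.verify_query(sent))                               # genuine
    print(client.verify_query(sent))                               # replayed
```
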