On Nov 13, 2007, at 11:48 AM, Michael Peters wrote:
> Why is this considered "ticketless"? Isn't the challenge that you mention below really a ticket? And does the client need to present this ticket on every request?
Yes, you're right - the challenge is a ticket -- and must be presented on every request. Perhaps this is a very bad semantic naming -- I meant that there is no local store on the ticket - as it is self-validating.
> Sounds an awful lot like mod_auth_tkt to me, or am I missing something?
It's like mod_auth_tkt in design, but not in function. mod_auth_tkt does Apache auth via cookies and Apache - I need to support a non-cookie and non-Apache environment.
This is meant to offer a security layer when doing a form-style login via Flash or JavaScript over an insecure connection - so that a user password is never sent in the open.
I'm in the midst of writing the corollary Flash and JS libraries too. Maybe mod_auth_tkt can support that via specific calls?