Background:
We have been looking at ways to make single sign on (in summary user
authenticates themselves once - or least as little as possible by as few
means as possible) more of a reality.
One of the areas that is of interest to us is external Web Services -
typically in our environment electronic journals - that require password
(as opposed to IP) authentication.
Idea:
Squid has proxy authentication - so it is possible to authenticate people at
Squid.
Squid does some header rewriting - both via redirector and the anonymiser.
So it would be nice to use proxy-auth info to derive the authorisation info
for particular sites - this could be selected by an acl type mechanism - an
external program would then take say username password pair and
return OK plus authorisation info OR ERR, in similar fashion to the proxy auth
mechanism.
Questions:
A: presumably Squid can not do this right now?
B: would people find such a mechanism useful?
C: are there any fatal flaws in this scheme?
D: would it be easy to implement in Squid - if so might have a go myself ...?
-- ----------------------------------------------------------------------------- | Peter Polkinghorne, Computer Centre, Brunel University, Uxbridge, UB8 3PH,| | Peter.Polkinghorne@brunel.ac.uk +44 1895 274000 x2561 UK | -----------------------------------------------------------------------------Received on Wed Apr 21 1999 - 06:22:46 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:45:54 MST