[OpenID] Community Reputation Services
Peter Williams
pwilliams at rapattoni.com
Fri May 23 03:15:12 UTC 2008
In practice, this stance is often futile, just because applications
don't generally work that way (and proxying securely is really, really
hard). Drives me nuts.
I don't know much about the .edu world, but much of the consumer and corporate world uses ppp to access a gateway, once the link control protocol has authenticated the dialup device, once chap has done user auth at a proxy, and once radius has verified the user password/otp and optionally managed group authorizations. The collection of authz attributes is attached to the ppp session, controlling access in practice to subnets, routes and interfaces/tunnel endpoints.
The inter link proxy (nac) guarding the completion of the ppp session splits auth from authz, uses std and local attributes up the wazoo, has worked for more years than I want to admit, and is not hard at all. In fact it's commodity.