Re: [Fed-Talk] Re: "Authentication" < > "SSO"
- Subject: Re: [Fed-Talk] Re: "Authentication" < > "SSO"
- From: "Timothy J. Miller" <email@hidden>
- Date: Mon, 29 Dec 2008 16:05:02 -0600
Paul Nelson wrote:
> Terminology is such a pain. Experts have been telling us that there is a
> difference between Authentication and Authorization. They make a very good
> argument about keeping these ideas separate. However, the two always go
> hand in hand on computer systems because you can't do anything useful just
> by "authenticating" someone.
Not always. AF has deployed a wireless guest network where users only
authenticate--i.e., a valid DoD PKI certificate is required. No
separate authorization step is performed; authN implies authZ in this case.
But that use case is very, very narrow indeed. :)
We use similar methods with a limited number of DoD websites. Viewers
need to be limited to DoD members, but sometimes we don't care which
ones; so we enable PKI client authN and turn off directory mapping (it's
an IIS webserver, right? :). Think of this as the PKI equivalent of the
*.mil DNS name restriction.
-- Tim
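
The setup described in the message above, sketched as an IIS configuration fragment. This is an added example, not part of the original message or any deployed site's configuration; it assumes the IIS 7 or later configuration schema, and the site path "Default Web Site/members" is hypothetical.

```xml
<!-- applicationHost.config fragment (added example; site path is hypothetical) -->
<location path="Default Web Site/members">
  <system.webServer>
    <security>
      <!-- Authentication: the TLS handshake must present a client certificate
           that chains to a CA the server trusts. Which CAs are trusted is set
           in the server's certificate store, not in this file, and that trust
           list is what actually defines the permitted population. -->
      <access sslFlags="Ssl, SslNegotiateCert, SslRequireCert" />
      <authentication>
        <!-- No per-user authorization: once the certificate is accepted, the
             request runs as the anonymous identity. -->
        <anonymousAuthentication enabled="true" />
        <!-- Directory mapping off: the certificate is not mapped to a
             directory account, so no individual account is consulted. -->
        <clientCertificateMappingAuthentication enabled="false" />
        <!-- IIS-local one-to-one / many-to-one mapping off as well. -->
        <iisClientCertificateMappingAuthentication enabled="false" />
      </authentication>
    </security>
  </system.webServer>
</location>
```

With mapping disabled, the only access decision is whether the certificate validates, so the set of trusted issuing CAs and the revocation checking on the server carry the entire control.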