> Chemolli Francesco (USI) wrote:
>
> > IMO IP verification is more of an authorization than
> authentication issue.
> > The "problem" here is that we want to be lazy in performing
> authentication,
> > and do that only when it is needed for authentication.
>
> I think you meant "... needed for authorization."
Yes, of course.
>
> True, and this is a very nice feature I'd like to keep as it
> allows for
> very flexible configurations structured in a quite logical manner
There always is the NetCache way. Less flexible and more straightforward,
as I explained in another message.
> Eventually I'd even like to see the fully relaxed approach where
> authentication is only required if the request was denied and any
> authentication based checks had been involved. This to give
> even greater
> configuration flexibility. However, there are some security
> implications
> with existing configurations if making this change..
I think it would be a very interesting move. If well documented it would a
mindset people could grow into easily.
-- /kinkieReceived on Fri Jul 20 2001 - 08:18:16 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:14:07 MST