Subject Re: [IB-Architect] Re: Some thoughts on IB and security
Author Jim Starkey
At 05:13 PM 4/26/00 -0700, rfm@... wrote:
>Ann Harrison wrote:
>> I'm not sure plug-ins are the right answer. Nor am I comfortable
>> with the "one login for all databases" philosophy.
>I agree. BTW, what I ment by plugins was some fairly flexable way
>of letting some other service do/verify the authentication. Giving
>sites the option of using their whatever their single sign on
>system might be. Of course, you then have to worry about the security
>of your plug-in mechanism. I have no idea what the practicalities
>of the situation are. How do Oracle, MS etc do it ?

I rather like the idea of a "plug-in". Security requirements
are going to differ across systems and environments. Building
a system so inclusive that addresses all needs is difficult
if possible at all. On the other hand, forcing folks to build
a private version isn't the answer either.

Perhaps we could discuss the requirements for an API for a
security plug-in?

A model we might consider is Apache's configuration file. A
configuration specification (probably stored in a blob in a
system table) would define a meta-syntax and a means to
specify one or more security modules, each of which would
be responsible for handling of its tags.

Jim Starkey