Eric Rescorla wrote:
What's an "authentication module"? You seem to be assuming a particular
system architecture that you haven't laid out.
Many others have. I myself did so in a USENIX Login: Winter Security
issue some years ago. SubOS would be a software example. Potentially
CardSpace could be made this way. Kerberos 5 is not far from this if
you think of the authentication module being a KDC. Using today's
vernacular, let this module be the identity provider and the
authenticating service be a relying party.
And finally, having a token or some sort of SmartER Card that can handle
large numbers of credentials would all qualify as examples.
I'm not ready to say which one is quite right, or if there is another.
Eliot
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf