On Wed, Oct 3, 2012 at 6:25 PM, Stephen Frost wrote:
> Chris,
>
> * Chris Travers (chris.trav...@gmail.com) wrote:
> > Well, that's the tradeoff I see. It can be handled using a bunch of
> > different means. One that I have suggested is two-factor auth, where you
> > require a client-side SSL c
Chris,
* Chris Travers (chris.trav...@gmail.com) wrote:
> Well, that's the tradeoff I see. It can be handled using a bunch of
> different means. One that I have suggested is two-factor auth, where you
> require a client-side SSL cert with a specific issuing authority and a cn
> of the username t
On Wed, Oct 3, 2012 at 6:17 AM, Stephen Frost wrote:
> Chris,
>
> * Chris Travers (chris.trav...@gmail.com) wrote:
> > This has a few significant drawbacks. As far as the web application is
> > concerned, the types of supported authentication are limited to those
> > which are re-usable, which
