Let me just point out what we are trying to do:
In a large collaboration for high-energy physics, there are many
servers. All people in the collaboration want access to the
collaboration-private data, they want to use a simple password
scheme, they want to give their password only once per www session
and they do not want to have accounts on all those machines. So we
want what Ari is trying to do.
We want a lock on the door, or, as one British lock company allegedly
once advertised: "our locks keep honest people out", in other words,
the lock tells you: if you break in here, you are trespassing and you
are not playing the game, but we cannot guarantee that really
dishonest people will steal by what ever means. Let me also say that
you have to trust the system administrators etc...
Now, if I were a banking institution, I would keep the handling of my
customer's money transactions miles away from the Internet and Unix
So that is what I want Ari to do: provide a lock that is easy to use
and does not cause headaches to the system administrators. We will
probably have to duplicate the password files on all servers in a
collaboration (unless we introduce a third machine in the exchange),
and we will not use Unix schemes (because they do not apply on
Kerberos etc. will eventuially come and maybe even scale to include
all of humanity.
I think that the way things are designed is open enough for different
schemes and higher security later on.
--- Robert Cailliau email@example.com World-Wide Web Project CERN -- European Laboratory for Particle Physics CH-1211 Geneve 23 (Switzerland) Tel. +41 22 767 5005