[Tallahassee-pm] An interesting problem.

James Tillman jtillman at bigfoot.com
Mon Jul 7 21:59:47 CDT 2003


On Mon, 2003-07-07 at 15:30, Phillip Tyre wrote:

> Ah, then you get into the issue of the ASP_server talking to my MySQL server across the internet, and I'm not 100% sure that is something I'd want it to be doing! After all, while I like the guys that run the ASP_server.... I don't TRUST them ;)
> 

Oh, I see.  I didn't read your message closely enough.  I had thought
this was all within your own organization.  In this case, I guess my
current mechanism would still work, but you'd need a web server of your
own on the opposite side of the firewall that the remote ASP server
could query to verify that the token it was being presented was valid. 
You wouldn't have to expose your MySQL server, just a web server that
accepted a straight HTTP request (with a token to validate being
provided in the QueryString of the URL) and then it could just print
"valid" or "invalid" or somesuch.

Another option that you could look into is SourceID's Single Sign On
technology.  It's an open source Java toolkit for federated logins
(similar to MS's Passport, but without Big Bill cashing in with each
login).

http://www.sourceid.org/wiki/Wiki.jsp?page=SSODesign

I've been looking at this as a partial replacement to FDLE's own
internally developed single-sign-on solution for its web applications.

Of course, your solution did the job quite nicely (and was much more
properly-sized to the problem it solved than either of my proposed
alternatives), but you obviously wanted discussion and alternate points
of view, or you wouldn't have spoken up.  Right? :-)

jpt
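
The validation endpoint described in the message above, as an added example (not code from this thread). The `token` parameter name, the 60-second lifetime, single-use tokens, storing only a hash, and the in-memory store standing in for the MySQL table are all assumptions.

```python
import hashlib
import secrets
import time
from urllib.parse import parse_qs
from wsgiref.simple_server import make_server

TOKEN_TTL = 60  # seconds; assumed lifetime, the message does not give one

class TokenStore:
    """In-memory stand-in for the token table kept behind the firewall."""

    def __init__(self):
        self._expiry = {}  # sha256(token) -> expiry timestamp

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, now=None):
        """Create a random token at login time and remember only its hash."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._expiry[self._digest(token)] = now + TOKEN_TTL
        return token

    def check(self, token, now=None):
        """Return True once for an unexpired token, then forget it."""
        now = time.time() if now is None else now
        expiry = self._expiry.pop(self._digest(token), None)
        return expiry is not None and now <= expiry

def validate_query(store, query_string, now=None):
    """Answer the remote server's query with 'valid' or 'invalid'."""
    tokens = parse_qs(query_string).get("token", [])
    # Exactly one token parameter, of bounded length, or the answer is no.
    if len(tokens) != 1 or len(tokens[0]) > 128:
        return "invalid"
    return "valid" if store.check(tokens[0], now) else "invalid"

def make_app(store):
    """WSGI app exposing only the validation answer, never the database."""
    def app(environ, start_response):
        body = validate_query(store, environ.get("QUERY_STRING", "")).encode()
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [body]
    return app

if __name__ == "__main__":
    make_server("127.0.0.1", 8080, make_app(TokenStore())).serve_forever()
```

Because the token travels in the query string it will appear in web server logs on both sides, which is why this sketch makes each token short-lived and usable only once.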



