[JDEV] Authentication / Authorization / List

Joshua Kramer jkramer at capital.edu
Tue Oct 2 08:34:27 CDT 2001

> Finally, I don't think this should be part of the security JIG. Security 
> and authentication are two different things. Security is about ensuring 

Actually, I disagree - in fact, we're having discussions about these very
things on security-jig.

You're right, ONE of the things security is about is ensuring that
crackers can't take control of a server.  But security is also about
avoiding man-in-the-middle attacks, as well as ensuring that you're talking to
the server and the user that you really think you are.  This is done using
strong authentication; and from authentication, we can tell what resources
users are authorized to use (hence authorization).  In the security-jig we
are discussing the use of PKI digital signatures as well as cryptography
in Jabber, and part of this is authentication or authorization.

In any case, if you're working on authentication/authorization, you should
be reading the security-jig so that we all don't duplicate work or go off
in different directions for the same goals.


This message sent by Josh from Capital University!
The shortest distance between two points is a hilly, curvy road...
