[Owasp-ireland] client-side ssl certs?

Peter McEvoy peter.m.mcevoy at gmail.com
Thu Aug 11 12:37:41 EDT 2011


How about not making the credential checking your problem and instead use a
federated id?

On 11 August 2011 17:04, John Marmelstein <john.marmelstein at gmail.com>wrote:

> Hi Folks,
> How is everyone? It’s been a bit quiet!
>
> Anyway, might anyone have thoughts or experience on client-side ssl certs?
>
> I am making a web app. I need some form of user authentication. I’m
> thinking I need to go a bit better than just having username/password
> for access control. What options are out there? It's for a
> public-sector thing. My hesitation with username/password access
> control is that the credentials might just get passed around.
>
> I guess that client-side certs are the answer. But, there will be
> about 2000 users. These are low-tech users, distributed  around
> Ireland. On their personal (ie not standardized) browsers/operating
> systems. So I can’t call around to them all doing the certificate
> installs. I’m not optimistic about asking this user population to do
> it themselves.
>
> Any opinions ?
> Maybe it boils down to saying that I either have to
> use username/password
> or, accept the large effort of generating, installing and managing the
> certs?
> Is there a good way to generate, install and manage certs?
>
> Thanks!
> JM
>
>
> --
> John Marmelstein
> 087 136 0045
> _______________________________________________
> Owasp-ireland mailing list
> Owasp-ireland at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-ireland
>



-- 
<http://www.fsf.org/fb>
http://www.fsf.org/facebook
http://bit.ly/hzA1MS
http://bit.ly/fztcGn
http://cli.gs/V1UtWw
http://cli.gs/S3zVIt
http://goo.gl/ZBptR
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-ireland/attachments/20110811/b3124f75/attachment.html 


More information about the Owasp-ireland mailing list