"And how much network traffic will all this authentication/authorisation
generate?"
Obviously more than no authentication/authorization at all. The actual
content of the request and reply will be defined by the various Trust
Administrators dependent on the two parties involved. As I indicated, since
this is an API spec, a proxy could be written to respond to these requests
from your clients with answers defined by your organization. With the
information provided by the object in response to your request to use it,
your browser would then issue a request to a Trust Administrator, which
could be local, all before the object is retrieved. The request to the
Trust Administrator need not be across the Internet, if, and when, such
Trust Administrator Servers get written.
Think of it in the terms of Symantec offering up to date virus
determination lists across the Internet for use on your internal PC's. Your
Trust Administration server could be local yet could request updates from
some other Trust Administrator across the Internet, or via snailmail
delivered media, your preference.
I should point out, however, that all of this is just my idea of how the
API could be implemented, I don't know of any company currently doing this
work. Maybe I should add that this idea is copyright Russ Cooper,
1996....;-] If anyone wants to fund a company to build such servers, please
feel free to respond...;-]
Cheers,
Russ
|
|
