dotgnu-auth

Re: [Auth]A simple serverside authentication scheme


From: Adam Theo
Subject: Re: [Auth]A simple serverside authentication scheme
Date: Tue, 17 Jul 2001 00:11:40 -0400

Norbert Bollow wrote:
> 
> Nick Lothian <address@hidden> wrote:
> 
> > Many people here doubt it is possible to come up with a serverside
> > authentication scheme that is easier to implement than a browser-plugin.
> > Here's my attempt (after 5 minutes thought):
> > [..]
> > Obviously, there are issues - particularly the decentralisation aspects - but
> > it is a system that would work and could be implemented very quickly.
> 
> Don't overlook the problem that this approach requires
> server-side resources (such as bandwidth, hardware, sysadmin
> time).
> 

actually, i really don't see bandwidth or even CPU resources being even
a big issue here. even with thousands of users, the effects of a simple
server-side model would be small. it would take tens of thousands in an
hour to slow down a system.

the only resource i see as a problem is diskspace, and again, that is
minimal. not as if we are mirroring the library of congress here. say
each user takes up 10k of space (very generous, prolly won't be even
half at this early stage). that means a system with 100,000 users on it
would need 1,000 MBs of space. that's a single GB. small beans to
service providers.

> We need an approach that can quickly scale to a significant
> percentage of all ecommerce transactions - anything else is not
> a suitable strategy for reaching the goal of getting a
> significant marketshare quickly.

by this i assume you mean it can take on any type of transaction, right?
not just those done over web, or those done by e-tailer like amazon.

in this case, i suggest we keep with a username/server/password scheme,
no matter what plan we settle on. these sorts of info can be easily sent
across various systems and networks, and users are very familiar with
them. for simplicity, we can combine the username/server bit, to
something like email: address@hidden, and then they just need a
password.

this type of information does not need to be www dependent, so can be
entered and verified outside a web browser (such as a user's desktop app
or telnet).

> 
> Microsoft has a server-side system and they haven't succeeded in
> making it work reliably yet.

may be true, i don't know enough about it. but just because MS uses a
100% server-side, centralized, authoritarian system, no need to not
consider *anything* that uses a server.

IMO, it will *have* to be a server-side system. let's just make sure it
is distributed and not centralized.

plug-ins won't work. for one, they are only browser-based. two, they are
traditionally slow to be accepted by users. three, there is no industry
wide standard for making plug-ins (they are different from browser to
browser).

all of these show plug-ins or *any* client-side, browser-dependent
application will not spread or catch on.

we do not need to be afraid of server-side. server-side can in fact be
*very* easy to implement. it won't require any client-side alterations
or additions, for one. the user already has everything they need for a
server-side system (browser and/or a TCP connection).

