Security Basics mailing list archives

Re: Authentication question & proble

From: "Yousef Syed" <yousef.syed () gmail com>
Date: Wed, 23 Apr 2008 08:23:07 +0200

Read up on the concept of "Identity Federation".
Another route may include using a form of OpenID.


2008/4/22  <evilwon12 () yahoo com>:

Here is what my developers are wanting to do, and I cannot think of a secure way to do this.


 Have a user (at home) authenticate against our LDAP through a company portal/site and have that authentication 
information passed to an external vendor, allowing the user at home to utilize the application from home after being 
authenticated.


 So, it's user at site A, authenticating with site B, and the user at site A using the application (after 
authentiation) at site C.


 Sorry for being long winded, but everything there screams MITM to me.  I am probably missing something easy.




-- 
Yousef Syed
CISSP

http://www.linkedin.com/in/musashi

Current thread:

Authentication question & problem evilwon12 (Apr 22)
- Re: Authentication question & proble Shreyas Zare (Apr 22)
- Re: Authentication question & problem Tremaine Lea (Apr 22)
  - RE: Authentication question & problem Sheldon Malm (Apr 22)
- Re: Authentication question & proble Yousef Syed (Apr 23)
- Re: Authentication question & problem Nick Owen (Apr 25)