Posted to dev@qpid.apache.org by Tomas Restrepo <to...@devdeo.com> on 2007/01/25 13:27:36 UTC

Authentication (RE: QPID-6)

Hi Robert,

> The other thing we definitely need to be able to support is mutual
> authentication with SSL - i.e. the client must present a certificate
> to the broker as well as the other way round.

Mutual authentication would be a good feature, though it does bring up a
question: Isn't it a bit redundant to have client-side certificates for
authentication and then for the client to also have to use SASL to
authenticate yet again? Which of the two identity tokens would then be used
for authorizing access to resources?

And while we're at it, would someone also find it useful to support anonymous
(i.e. unauthenticated) access to the server for some scenarios? (the easiest
way would be by supporting the ANONYMOUS mechanism per RFC 2245).


Tomas Restrepo
tomas.restrepo@devdeo.com
http://www.winterdom.com/weblog/