-> I am thinking about security issues for my networked application.
-> Specifically how to authenticate a user properly, so a server can trust
-> the client talking to it is doing so on behalf of the correct user, and
-> the client can trust that the server it is talking to in fact represents
-> a valid server for the application, and can authenticate this.

Do you want to know about generic network communication, or RPC mechanisms, or something over straight HTTP? (I'm guessing RPC...)

As you say, the transport can handle the data security, and server authentication can be handled by hardcoding the server name <grin>, unless you want things to be a bit more flexible, in which case you'll have to buy into some sort of distributed authentication framework.

As for user authentication, I don't think there's a good generic way to do it for generic network communication (this is one of the things that RPC mechanisms like SOAP are supposed to help with!). I can recommend a simple reference for how to do it in SOAP, but I haven't used that.

Of course, if you have a secure transport layer, you can just send a user/pass along with every request ;).

--titus