Denis McCarthy wrote:
> On Fri, Jan 30, 2009 at 2:15 PM, Michael Ströder <mich...@stroeder.com> wrote:
>> Ian G wrote:
>>> X.509 is a user concept, not a transaction concept.
>> Hmm, X.509 certs are simply a strong binding between a name of an entity
>> and a public key. Machines can be entities too like with server certs.
>>
>> Still I'd agree that the original poster should rethink his concept. I'd
>> probably prefer the X.509-based user authc and lookup the machine on
>> which the transaction was performed based on other data.
>
> While I agree that it would make sense for us to not be swimming
> upstream regarding our usage of X.509 certs, alas we are not in a
> position to change the fundamental model, as this is the way our
> customer does its business.

My understanding was that the customer already has issued roaming user certs for his users. If that's the case these X.509 certs probably have a common naming scheme. So you can find out which customer it was.

In a former customer project I made a similar concept for a point-of-sale (POS) project with external partners hosting the POS client machine. Your situation seems even easier because
1. your customer's users already have certs and
2. you seem to have a web application running.

Ciao, Michael.

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto