Re: Design Considerations for New Authentication Methods

From Magnus Hagander
Subject Re: Design Considerations for New Authentication Methods
Msg-id 6BCB9D8A16AC4241919521715F4D8BCEA0FCEC@algol.sollentuna.se
In reply to Re: Design Considerations for New Authentication Methods  (Richard Troy <rtroy@ScienceTools.com>)
Responses Re: Design Considerations for New Authentication Methods  (mark@mark.mielke.cc)
List pgsql-hackers
> Would signed certificates be preferred? Well, sure, they're
> nice. I don't object, and in fact welcome some improvements
> here. For example, I'd love the choice of taking an
> individual user's certificate and authenticating completely
> based upon that. However, while this _seems_ to simplify
> things, it really just trades off with the added cost of
> managing those certs - username/password is slam-dunk simple
> and has the advantage that users can share one authentication.
>
> Unless I've really overlooked something basic, there's
> nothing lacking in the existing scheme...

From my POV, yes, you are missing something very basic - single signon.
This is what Kerberos gives me. No need for the user to type in his
password, because he is *already* logged in and authenticated by a
trusted KDC in the realm.

The same could apply to SSL cert based authentication, for users
connecting from machines outside of my realm. Once you have "unlocked"
the certificate, you can authenticate any number of times to any number
of services that will accept this certificate *without* having to
re-enter your password.

This is both a convenience for the user, and a requirement if you use
OTPs.

//Magnus

