Re: 'Corporate login' for a customer to a website



On Wed, 11 Jul 2007 22:26:56 +1000, Ken Schaefer wrote:

The only real way to have secure authentication is to have a shared secret
that both the client, and you, share. That can either be a password, or a
client certificate, or some kind of federated identity/SSO system (e.g.
provided by ADFS).

Cheers
Ken


Thanks Ken

My understanding is that a client certificate is unique per workstation -
isn't that going to be large overhead on management?
.