(Illustration by Gaich Muramatsu)
there are other problems with anonymous access as well, and my point of view is that there should be no tokenless access at all. On order to create "anonymous" tokens but still know the server's autenticity we'd have to add public key support, and I think it is the way to go, as we discussed here some time. Fair enough - i have no issues with requiring anonymous tokens. My point was that having connected mode operation work but not be able to reintegrate is fundamentally opposed to 'the coda way'. My own view, when I'm feeling extremist, is that coda tokens and the auth2 stuff should go away, and we should instead use GSS-API, of which some mechanisms can support anonymous tokens.Received on 2003-08-14 11:17:13