Web application - implementation choices
Authenticating Users
- Browser needs to support standards for talking to PKI Smartcards/tokens.
IE and Netscape are able to do this.
- Web Application needs to be able to distinguish between your users and other users using the same Certificate Authority.
Look up user rights from a database or a directory
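A sketch of the lookup described above, added here as an illustration and not part of the original slides. It assumes the TLS layer has already validated the certificate chain and hands the application a certificate in the form returned by Python's `ssl.SSLSocket.getpeercert()`; the table layout, CA name, users, serial numbers and rights are all constructed.

```python
import sqlite3

# Constructed sample data: one public CA shared by our users and everyone else's.
ISSUER = ((("commonName", "Shared Public CA"),), (("organizationName", "Example CA"),))
ALICE = {"subject": ((("commonName", "alice"),),), "issuer": ISSUER, "serialNumber": "0A1B"}
# Valid certificate from the same CA, even the same CN, but never enrolled with us.
STRANGER = {"subject": ((("commonName", "alice"),),), "issuer": ISSUER, "serialNumber": "0FFF"}


def make_db():
    """Build an in-memory rights table (hypothetical schema) keyed on issuer + serial."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user_rights (issuer TEXT, serial TEXT, username TEXT, perm TEXT)")
    db.executemany("INSERT INTO user_rights VALUES (?, ?, ?, ?)", [
        ("CN=Shared Public CA,O=Example CA", "0A1B", "alice", "view_reports"),
        ("CN=Shared Public CA,O=Example CA", "0A1B", "alice", "edit_reports"),
        ("CN=Shared Public CA,O=Example CA", "0C2D", "bob", "view_reports"),
    ])
    return db


def dn(name):
    """Flatten getpeercert()'s nested-tuple name into a 'CN=...,O=...' string."""
    short = {"commonName": "CN", "organizationName": "O"}
    return ",".join(f"{short.get(k, k)}={v}" for rdn in name for k, v in rdn)


def rights_for(peer_cert, db):
    """Return (username, rights) for an enrolled certificate, else (None, set())."""
    if not peer_cert:  # None: no certificate sent; {}: certificate not validated
        return None, set()
    # Issuer + serial identifies one certificate; the subject CN alone does not.
    key = (dn(peer_cert["issuer"]), peer_cert["serialNumber"].upper())
    rows = db.execute(
        "SELECT username, perm FROM user_rights WHERE issuer = ? AND serial = ?", key
    ).fetchall()
    if not rows:
        return None, set()  # trusted CA, but not one of our users
    return rows[0][0], {perm for _, perm in rows}


if __name__ == "__main__":
    db = make_db()
    print(rights_for(ALICE, db))
    print(rights_for(STRANGER, db))
```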
Securing Traffic
- Network traffic needs to be encrypted using either 3DES encryption.
Minor modifications need to be made to Web Server software for this.
Securing the Web Server
- Strongly authenticating users and encrypting traffic does not fix all security problems with a web-server.
The Web Server must be configured securely
3rd Party security auditing/testing services

