Form-based DistAuth Improves Log-in, Log-out Capabilities

With this project, another important layer of security will be added to the process of logging into secure campus Web sites. This project will also make 'true? log-outs possible. The goal of the Form-based login application is to provide an effective way to log out of a DistAuth-enabled Web application by avoiding the use of browser-cached passwords that are a side effect of basic http authentication. By avoiding the caching of userID and passwords, the form-based login application will make it possible for authorized applications to completely log out users by invalidating authentication cookies. Technical testing is already underway, and a listserv is available (distauth-dev) for comments, feedback, discussion, etc. regarding this project. Roll-out of this new service is scheduled for Fall Quarter (see http://middleware.ucdavis.edu).