"IPSec is beginning to support key business and technology objectives such as B2B extranet backbones and dial access VPN's for remote computing. Despite the security and operational benefits of a VPN, the problem of authenticating client entities for access control decisions . . .
"IPSec is beginning to support key business and technology objectives such as B2B extranet backbones and dial access VPN's for remote computing. Despite the security and operational benefits of a VPN, the problem of authenticating client entities for access control decisions remains a risk management issue. Providing needed protection in specific situations, many system designers have recommended authorization services be placed at the application layer. This approach using security specific API's to shunt security services into existing application code can be a lengthy process. Conducting identity authentication and authorization of client entities (a person or program) within the encrypted network tunnel, similar to the (SSL) Secure Sockets Layer model has widespread application and works to protect specialized content (such as a login dialogue box) on Web servers. "

The link for this article located at SecurityPortal is no longer available.