It's actually pretty simple. The "component" needs to authenticate users to
Active Directory. However, a proposal was made to separate authentication
components on an application server (which I oppose too). So basically
there is an LDAP component on an application server that receives calls from
a remoting object on another application server that is called by the web
server in the DMZ. I think it's a bit too much. So now they are making the
argument that every application from this point must reference the remoting
object to authenticate users instead of a web service on the server closest
to the Active Directory server.
Hope you understand what was just described, 'cause I'm not certain I
understand it.
Thanks.
"Marc Gravell" wrote:
Really, you need to write down *what it must do*; it doesn't matter if one
technology is really cute at doing "x", "y" and "z" if it can't do "a"
(where your project needs "a"). Also note that the two are not necessarily
mutually exclusive, although you would be introducing complexity by using
both in tandem.
Example comparators:
* Must it support non-.NET clients?
* Must it support 1.1 clients?
* Do we expect it to manage all security (authentication / encryption / etc)
for us?
* Do we need to be able to talk to different servers *at the same time*?
* What performance profile do we need? (paired with data throughput)
* Do we need marshal-by-ref instances? (proxies held at the client that
forward invoked methods to the server silently)
* How complex is the data we are transporting - is it simple data, or
complex object-graphs?
* Must it work through firewalls?
* Must it work via intermediaries?
The list goes on...
Marc