Reducing the Entropy:

There are so many Web Security Mechanisms.......

Basic Authentication ... PGP/PEM ... S-HTTP ... Kerberos ... SSL ... MD-5 Authentication ... SmartCard Systems ... Web Security System X (on the way) ...

............How are we going to deal with all this?!?

Consolidation Efforts:

• Spyglass' Open Security Architecture

• W3C Protocol Development:

  Same spirit as S-HTTP (application layer crypto)

  Borrows from Spyglass Open Security Architecture

  To use "Extension" headers, made part of HTTP 1.1

• Terisa Systems Toolkits to support SSL in addition to S-HTTP

• Sun's "Java" language may make portable security "applets" feasible