Sentinel authentication already uses ssl when the user is prompted for an MSU NetID and password. If the app is using the service correctly, it should take them to login.msu.edu (which is secure), authenticate them and then send them back to the application with the proper credentials. All this is done securely and it shouldn't matter if the application itself is hosted under ssl. As far as I know, after the initial authentication no other personal data is sent via insecure methods. Are my assumptions wrong? Thanks, Jeff Siarto CAS IT Office On Wed, Apr 9, 2008 at 11:09 AM, Troy Murray <[log in to unmask]> wrote: > My personal opinion on the matter is if the site doesn't use SSL for > something like this, I'm not going to use it if I have any choice. > Considering that any of the sites here on campus can get a free SSL > certificate (http://certs.ipsca.com) I don't think there's much of a reason > they don't have one. > > -t > > > > > On Apr 9, 2008, at 11:04 AM, Tom Rockwell wrote: > > > Hi, > > > > Is there a requirement that websites that use netid for authentication be > ssl encrypted, or at least perform the authentication using ssl? > > > > Given that several MSU websites that use netid for authentication allow > access to personal information, I'm wary of using netid over a plain text > link. Note that the non-encrypted site is not an official MSU site. > > > > Thanks, > > Tom > > > > -- > Troy Murray > Developer > Michigan State University > Biomedical Research and Informatics Center (BRIC) > 100 Conrad Hall > East Lansing, MI 48824 > Phone: 517-432-4248 > Fax: 517-353-9420 > E-mail: [log in to unmask] > http://www.icalx.com/public/troymurray72/BRIC%20Work.ics >