> Nice discussion....Why do I need to "get the that mapping over a secure > channel"? The point is not clear to me.....later...Rik The channel or method by which you derive the name->authorization mapping must be secure against tampering; if it is not, an attacker can subvert the mapping and give himself whatever privileges he desires.. - Bill