In security circles, we often talk about an acronym called CIA, which normally taken to mean confidentiality, integrity, and availability. But when talking about securing application communications on a network, I prefer to think of the “A” as “authentication” because not enough people understand how important it is. For example, when was the last time you paid attention to your browser when purchasing something online? Did you check to make sure you were running over SSL? I find it interesting that when I hover my mouse over the lock in Internet Explorer, I'm told that it's using “128-bit encryption.” Sadly, that information is of little use. What I really need to know is who is on the other end of the pipe, anyway? I ...