One of the authentication servers used by MIT Touchstone is based on Stanford's WebAuth package. MIT uses this to authenticate people that have an MIT Kerberos principal name. The WebAuth server is currently supporting three authentication mechanisms: personal X.509 certificates, username and password over TLS, and native Kerberos tickets via http-spnego. MIT Touchstone does not use native WebAuth to interact with any application servers. It is simply used as the authentication server inconjunction with a Shibboleth IdP.