Is it correct that your implementation requires that all https pages
must be authenticated? If so, this presents a problem. We had a page
where people were able to register for a conference (including sending
credit card info). Since anyone is permitted to register, the page was
https, but did not require authentication. Now, apparently, the Cosign
filter will not allow us to have such a page. Is that right?