in reply to web authentication 2008
Please provide a more precise question. What exactly do you want to achieve, what is the goal and where would you like some assistance. Just asking for some wisdom about the current "state of the art" will probably not give you many answers.
Some examples. Where do you want the authentication to take place: do you want to use authentication methods provided by HTTP or do it in the application (with some fancy graphics, password reminders and whatever else). You should not only thing about authentication (as "whom should I allow to come in"), but also about authorization (as "who should be allowed to do what").
Oh, wait. That's not 2008. That's not even 2007 or 2006 for that matter. That's pretty old stuff.