Authentication and registration plug-in?

I’m designing a HIPAA compliant Rails site and need a plug-in to do
the following

Auto-Expiry: Each user is assigned a unique password; system has

password expiration enabled with expiration time configurable by
system administrator.

salted password

Secure Connection: Usage of HTTPS and SSL

e-mail registration

I’ve seen the list of authentication plugins (http:// but wanted to get
some feedback from someone who has implemented as many of the above
features as possible. Any advice on picking and implementing one of
these plug-ins?


I’ve used restful_authentication and it does everything except the
auto-expiry, which should be straightforward to add. You’ll need to
add the SSL setup, which is easy with the ssl_requirement plugin.

Do you have any pointers to good summaries of what is required to make
a Rails site HIPAA compliant?