authentication and registration plug-in?

I'm designing a HIPAA compliant Rails site and need a plug-in to do
the following

# Auto-Expiry: Each user is assigned a unique password; system has
password expiration enabled with expiration time configurable by
system administrator.

# salted password

# Secure Connection: Usage of HTTPS and SSL

# e-mail registration

I've seen the list of authentication plugins (http:// but wanted to get
some feedback from someone who has implemented as many of the above
features as possible. Any advice on picking and implementing one of
these plug-ins?


I've used restful_authentication and it does everything except the
auto-expiry, which should be straightforward to add. You'll need to
add the SSL setup, which is easy with the ssl_requirement plugin.

Do you have any pointers to good summaries of what is required to make
a Rails site HIPAA compliant?