authentication and registration plug-in?

I'm designing a HIPAA compliant Rails site and need a plug-in to do the following

# Auto-Expiry: Each user is assigned a unique password; system has password expiration enabled with expiration time configurable by system administrator.

# salted password

# Secure Connection: Usage of HTTPS and SSL

# e-mail registration

I've seen the list of authentication plugins (http:// wiki.rubyonrails.org/rails/pages/Authentication) but wanted to get some feedback from someone who has implemented as many of the above features as possible. Any advice on picking and implementing one of these plug-ins?

Thanks! Chirag

I've used restful_authentication and it does everything except the auto-expiry, which should be straightforward to add. You'll need to add the SSL setup, which is easy with the ssl_requirement plugin.

Do you have any pointers to good summaries of what is required to make a Rails site HIPAA compliant?

Michael www.mslater.com