Smart Client Application and Oracle Security

Our development staff is rewriting an Oracle Forms application into a .NET Smart Client application using MS AD for application authentication. The smart client application will be launched from the web browser but the client machine will have the Oracle Instant Client installed and all database connection will be made from the PC. I am looking for ideas on how to best implement database security. Right now we are pulling a generic database username/password account from the application server and making all database calls from the pc with one database account. I have been looking at Kerberos or OID to do AD single sign on for the database but I don't want to make things more complicated then needed.  

I was just looking for any suggestions or ideas for this type of architecture. Everything I am reading in the Oracle documents is talking application servers with connection pooling.      

"Notice of Confidentiality" The information contained in this e-mail message is intended for the use of the individual or entity named above.  If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, or copy of the communication is strictly prohibited.

--
http://www.freelists.org/webpage/oracle-l