RE: Reauthentication Requested Revisited

From: Josh Cohen (
Date: Mon, Feb 02 1998

Message-ID: <>
From: Josh Cohen <>
To: "''" <>
Date: Mon, 2 Feb 1998 17:01:44 -0800 
Subject: RE: Reauthentication Requested Revisited

-> -----Original Message-----
-> From: Scott Lawrence []
-> Sent: Monday, February 02, 1998 4:06 PM
-> To: Josh Cohen
-> Subject: Re: Reauthentication Requested Revisited
-> JC> This provides a general mechanism for a "retry request" 
-> from the server
-> JC> to the client along with a way to acknowledge receipt of 
-> the retry
-> JC> request.
->   Which may or may not be a good thing, but is, I think, 
-> orthogonal to
->   the question of invalidating cached user credentials.
Technically yes.  However to make the 'reauth request' actually
work and be useable, both are necessary from a system view.

1) the server needs a way to send a message to the client saying
  please revalidate your credentials with the user
2) the server needs a way to detect that the client has
   or is at least claiming to knowingly complete the task
   (revalidate the credentials)

So, I guess Im lumping two things together in a sense.  I see the
 second part as an infrastructure item needed by the first to make it

(else how would you know if the client actually revalidated?)

-> Scott Lawrence           EmWeb Embedded Server       
-> <>
-> Agranat Systems, Inc.        Engineering