On Wed, 28 Aug 1996, Peter J Churchyard wrote:

> As larry has pointed out, basic for client / server non persistent requests
> is a poor choice.
>
> client - proxy with persistent connection between client and proxy
> when used with one time password systems (as we do in our product) allows
> sites to authenticate strongly which of their users can do WEB stuff.
>

This sounds interesting. But I am not sure whether you

(1) Authenticate a client only once for a persistent connection, or

(2) Authenticate each transaction (reusing the password), but use a new password anytime there is a new connection.

Either would seem possible.

If it is (1) then strictly speaking you are probably not HTTP compliant since you are essentially making the Proxy-Authorization header "sticky". But I see no reason that your proxy shouldn't interoperate with HTTP clients.

If it is (2) then you aren't strictly using one-time passwords, as the same password is re-used for each transaction, but you should have essentially all the benefits of one-time passwords.

John Franks
Dept of Math. Northwestern University
john@math.nwu.edu

Received on Wednesday, 28 August 1996 15:07:21 EDT
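The two behaviours asked about in the message above, as an added example that is not part of the original post and not the product's code. It assumes the one-time password travels as the password of a Basic Proxy-Authorization header; the Proxy class, its policy names and the password list are hypothetical.

```python
import base64
import hmac

OTP_LIST = ["otp-1", "otp-2", "otp-3"]  # constructed stand-in for a real OTP sequence

def basic(user, password):
    """Build request headers carrying Basic proxy credentials."""
    blob = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Proxy-Authorization": "Basic " + blob}

class Proxy:
    """Toy proxy; policy 'sticky' is option (1), 'per_request' is option (2)."""

    def __init__(self, policy, otps):
        self.policy = policy
        self.unused = list(otps)   # passwords never accepted so far
        self.conns = {}            # connection id -> password accepted on it

    def _password(self, headers):
        scheme, _, blob = headers.get("Proxy-Authorization", "").partition(" ")
        if scheme != "Basic" or not blob:
            return None
        try:
            # user name is ignored in this sketch; only the password is checked
            return base64.b64decode(blob).decode().partition(":")[2]
        except ValueError:
            return None

    def request(self, conn, headers):
        """Return the status for one transaction: 200, or 407 to demand credentials."""
        pw = self._password(headers)
        bound = self.conns.get(conn)
        if bound is None:
            # First transaction on a connection must present the next unused OTP.
            if pw and self.unused and hmac.compare_digest(pw, self.unused[0]):
                self.conns[conn] = self.unused.pop(0)
                return 200
            return 407
        if self.policy == "sticky":
            return 200             # (1): the connection itself is authenticated
        # (2): header required every time; the same password is reused until close
        return 200 if pw and hmac.compare_digest(pw, bound) else 407

    def close(self, conn):
        """Dropping the connection ends the password's validity under both policies."""
        self.conns.pop(conn, None)
```

Under both policies a password captured from one connection is rejected on the next; the difference is whether a request without the header is accepted mid-connection.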