W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1997

Re: Proposal for new HTTP 1.1 authentication scheme

From: Mary Ellen Zurko <zurko@opengroup.org>
Date: Thu, 11 Dec 1997 13:41:29 GMT
Message-Id: <199712150757.HAA11660@cuckoo.hpl.hp.com>
To: Eric_Houston/CAM/Lotus@lotus.com
Cc: Jim Gettys <jg@pa.dec.com>, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, zurko@opengroup.org
>  1) When the content server redirects the request to the authentication
> server, it encrypts the ACL for the protected resource.  The authentication
> server then validates the user against the (decrypted) ACL and returns the
> first matching entry to be cached in the browser.  When the browser is
> queried for user credentials, the encrypted (authenticated) group
> affiliations are returned to the content server.
> 

Since there are no standardized ACLs, I don't think this can be
addressed in the HTTP spec. Or did I miss the part where ACLs were
added to HTTP?
	Mez
Received on Sunday, 14 December 1997 23:59:42 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:05 EDT