W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1997

Re: Proposal for new HTTP 1.1 authentication scheme

From: <Eric_Houston/CAM/Lotus@lotus.com>
Date: Mon, 15 Dec 1997 09:55:15 -0500
To: Jim Gettys <jg@pa.dec.com>, zurko@opengroup.org
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <8525656E.00515BAC.00@mta2.lotus.com>
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/4980
I don't see why a standard ACL protocol cannot be specified, it would add

---------------------- Forwarded by Eric Houston/CAM/Lotus on 12/15/97
09:51 AM ---------------------------

Mary Ellen Zurko <zurko@opengroup.org> on 12/11/97 08:41:29 AM

To:   Eric Houston/CAM/Lotus
cc:   jg@pa.dec.com (Jim Gettys) ,
      http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, zurko@opengroup.org
Subject:  Re: Proposal for new HTTP 1.1 authentication scheme

>  1) When the content server redirects the request to the authentication
> server, it encrypts the ACL for the protected resource.  The
> server then validates the user against the (decrypted) ACL and returns
> first matching entry to be cached in the browser.  When the browser is
> queried for user credentials, the encrypted (authenticated) group
> affiliations are returned to the content server.
Since there are no standardized ACLs, I don't think this can be
addressed in the HTTP spec. Or did I miss the part where ACLs were
added to HTTP?
Received on Tuesday, 16 December 1997 15:06:31 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 14:40:21 UTC