W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1997

RE: Proposal for new HTTP 1.1 authentication scheme

From: Woodhouse, Gregory J. <gregory.woodhouse@med.va.gov>
Date: Wed, 17 Dec 1997 18:55:36 -0600
Message-Id: <c=US%a=_%p=VA%l=VHAISFHBEXC1-971218005536Z-3735@vhaishhbexc1.med.va.gov>
To: "'http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com'" <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>, 'Mary Ellen Zurko' <zurko@opengroup.org>
Cc: "'jg@pa.dec.com'" <jg@pa.dec.com>
I believe ACLs are being discussed by the WEBDAV group. In any event, 
I agree that a general purpose ACL mechanism for HTTP would be of 
great value.

Gregory Woodhouse gregory.woodhouse@med.va.gov
May the dromedary be with you.


----------
From:  Mary Ellen Zurko [SMTP:zurko@opengroup.org]
Sent:  Thursday, December 11, 1997 5:41 AM
To:  http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Cc:  jg@pa.dec.com; http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com; 
zurko@opengroup.org
Subject:  Re: Proposal for new HTTP 1.1 authentication scheme

>  1) When the content server redirects the request to the 
authentication
> server, it encrypts the ACL for the protected resource.  The 
authentication
> server then validates the user against the (decrypted) ACL and 
returns the
> first matching entry to be cached in the browser.  When the browser 
is
> queried for user credentials, the encrypted (authenticated) group
> affiliations are returned to the content server.
>

Since there are no standardized ACLs, I don't think this can be
addressed in the HTTP spec. Or did I miss the part where ACLs were
added to HTTP?
	Mez
Received on Wednesday, 17 December 1997 16:53:23 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:05 EDT