W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 2000

Re: ticket based authentication

From: Life is hard, and then you die <ronald@innovation.ch>
Date: Wed, 2 Aug 2000 08:46:05 -0700
To: James G Smith <JGSmith@TAMU.Edu>
Cc: http-wg@cuckoo.hpl.hp.com
Message-ID: <20000802084605.C14060@innovation.ch>
On Wed, Aug 02, 2000 at 09:34:07AM -0500, James G Smith wrote:
> I think I recall some mention that security related issues were 
> not being dealt with by this group, but then I saw the RFC for 
> Basic and Digest Access Authentication among this groups RFCs...
> 
> If this has been answered already, then a gentle reminder of 
> where I need to look will be sufficient :P
> 
> +---
> |
> | I would like to propose an extension to the HTTP standard to 
>   include yet another authentication scheme.  This would allow for 
>   clients to use a third-party URL (third party being not the 
>   client and not the site requiring authentication) to generate the 
>   authentication credentials.
[snip]

Isn't the algorithm=MD5-sess in Digest auth sufficient? The A1 is
basically your ticket. Or maybe I'm missing something.


  Cheers,

  Ronald
Received on Wednesday, 2 August 2000 16:49:55 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:38 EDT