W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 2000

RE: ticket based authentication

From: Scott Lawrence <lawrence@agranat.com>
Date: Wed, 2 Aug 2000 14:13:10 -0400
To: "Life is hard, and then you die" <ronald@innovation.ch>, "James G Smith" <JGSmith@TAMU.Edu>
Cc: <http-wg@cuckoo.hpl.hp.com>
Message-ID: <002f01bffcad$50bf0160$6d864993@oyster.ietf.marconi.com> 

> From: ronald@innovation.ch

> Isn't the algorithm=MD5-sess in Digest auth sufficient? The A1 is
> basically your ticket. Or maybe I'm missing something.

No, Digest as currently defined allows the http server to consult a
third party authentication server in order to obtain the secret (but
does not specify how that should be done).  It does not, however, meet
the need described here - that the http server be able to instruct the
client to first obtain credentials through the third party server.

--
Scott Lawrence
Received on Wednesday, 2 August 2000 19:17:33 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:38 EDT