W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 2000

RE: ticket based authentication

From: David W. Morris <dwm@xpasc.com>
Date: Wed, 2 Aug 2000 19:02:07 -0400 (EDT)
To: Scott Lawrence <lawrence@agranat.com>
cc: "Life is hard, and then you die" <ronald@innovation.ch>, James G Smith <JGSmith@TAMU.Edu>, http-wg@cuckoo.hpl.hp.com
Message-ID: <Pine.SOL.4.10.10008021859390.24779-100000@ncal.verio.com> 
While not commenting directly on the proposal, I would note in my
application deployment role ... firewall and application service provider
issues make the missing function Scott mentions an important capability.

Thanks,
  Dave Morris

On Wed, 2 Aug 2000, Scott Lawrence wrote:

> 
> > From: ronald@innovation.ch
> 
> > Isn't the algorithm=MD5-sess in Digest auth sufficient? The A1 is
> > basically your ticket. Or maybe I'm missing something.
> 
> No, Digest as currently defined allows the http server to consult a
> third party authentication server in order to obtain the secret (but
> does not specify how that should be done).  It does not, however, meet
> the need described here - that the http server be able to instruct the
> client to first obtain credentials through the third party server.
Received on Thursday, 3 August 2000 00:03:08 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:38 EDT