W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 2000

ticket based authentication

From: James G Smith <JGSmith@TAMU.Edu>
Date: Wed, 09 Aug 2000 16:47:09 -0500
Message-Id: <200008092147.QAA11322@hex.tamu.edu>
To: http-wg@cuckoo.hpl.hp.com
Cc: JGSmith@TAMU.Edu
From the response, it would seem some form of third-party 
authentication may be desired and useful, but no clear concensus 
on how best to go about it.  I don't have an answer to that, but 
I have put my thoughts together in the form of a draft, which 
should appear sometime as 

     draft-smith-http-third-party-authentication-00.txt 

Until it is posted on the IETF site, it is available from my
own workstation at 

  http://hex.tamu.edu/drafts/draft-smith-http-third-party-authentication-00.txt 

I already have a correction for it -- the expiration time should 
be in GMT (section 2.2).

An issue that is not addressed is how to indicate that the client
should abandon the authentication process and discard the pending
request awaiting credentials.  The authentication process MUST
indicate one and only one of success or abandonment.  When in doubt,
the client may abandon the process?  This could be the case if
the client becomes confused as to what is going on.
--
James Smith <JGSmith@TAMU.Edu>, 409-862-3725
Texas A&M CIS Operating Systems Group, Unix
Received on Wednesday, 9 August 2000 22:45:05 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:38 EDT