W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2007

RE: Straw-man charter for http-bis -- call for errata/clarifications to 2617

From: Eric Lawrence <ericlaw@exchange.microsoft.com>
Date: Thu, 31 May 2007 14:28:26 -0700
To: Cyrus Daboo <cyrus@daboo.name>, Henrik Nordstrom <henrik@henriknordstrom.net>
CC: Robert Sayre <sayrer@gmail.com>, Mark Nottingham <mnot@mnot.net>, Larry Masinter <LMM@acm.org>, Eliot Lear <lear@cisco.com>, Julian Reschke <julian.reschke@gmx.de>, Paul Hoffman <phoffman@imc.org>, Apps Discuss <discuss@apps.ietf.org>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <8301DE7F96C0074C8DA98484623D7E51157CAB5862@DF-MASTIFF-MSG.exchange.corp.microsoft.com>

Cyrus--

You're right, but Henrik's point still stands.  The existing implementation of Negotiate/NTLM is significantly different than the conventional HTTP authentication "per-message" model.  It may be difficult (or undesirable) to roll this into RFC2616.

Eric Lawrence
Program Manager
Internet Explorer


-----Original Message-----
From: ietf-http-wg-request@w3.org [mailto:ietf-http-wg-request@w3.org] On Behalf Of Cyrus Daboo
Sent: Thursday, May 31, 2007 2:16 PM
To: Henrik Nordstrom
Cc: Robert Sayre; Mark Nottingham; Larry Masinter; Eliot Lear; Julian Reschke; Paul Hoffman; Apps Discuss; ietf-http-wg@w3.org
Subject: Re: Straw-man charter for http-bis -- call for errata/clarifications to 2617


Hi Henrik,

--On May 31, 2007 8:57:28 PM +0200 Henrik Nordstrom
<henrik@henriknordstrom.net> wrote:

>> (form-based, cookie-based etc). We then have separate documents for each
>> of  the http-based schemes basic and digest - and we should add
>> Kerberos/SPNEGO  to that too.
>
> Note: Both Kerberos & SPNEGO both break the foundations laid out by
> RFC2616 and 2617, tying authentication to connections and not messages.

Well there is already RFC4559 and some folks in the security area were
working on tidying that up a bit more for a proposed standard.

--
Cyrus Daboo
Received on Thursday, 31 May 2007 21:30:20 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:10 GMT