W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2007

RE: Straw-man charter for http-bis -- call for errata/clarifications to 2617

From: Paul Leach <paulle@windows.microsoft.com>
Date: Thu, 31 May 2007 17:30:35 -0700
Message-ID: <76323E9F0A911944A4E9225FACFC55BA04AFFC91@WIN-MSG-20.wingroup.windeploy.ntdev.microsoft.com>
To: Henrik Nordstrom <henrik@henriknordstrom.net>
CC: Eric Lawrence <ericlaw@exchange.microsoft.com>, <ietf-http-wg@w3.org>

-----Original Message-----
From: Henrik Nordstrom [mailto:henrik@henriknordstrom.net] 
Sent: Thursday, May 31, 2007 4:08 PM

> That was what my second suggestion from the message, part of which you

> quoted above, was about. I guess it wasn't clear enough.

Good. So lets keep that in mind when talking about RFC2617bis.

If Microsoft is willing to rework their authentication schemes so that a
future revision fits the HTTP message model, perhaps by using virtual
sessions instead of transport connections to identify the authentication
session then the need for extending HTTP to officially supporting
transport level authentication disappears.

[Paul Leach] I don't have anything to do with implementations of HTTP by
Microsoft anymore, so I can't say anything about what we might support
in the future. But even if we did what you suggest, it would take a long
time before any significant number of sites used it, because all sites
have to cater to older browsers, from many vendors.

> It would be a better approach, but it would still be pretty helpful to

> tell people how to interop with the existing approach.

The existing RFC is perfectly fine for that purpose.

The question here is if the requirements of RFC4559 "SPNEGO-based
Kerberos and NTLM HTTP Authentication in Microsoft Windows" should be on
the table while revising the HTTP specifications or not. I say firmly
[Paul Leach] What requirements are you referring to?
Received on Friday, 1 June 2007 00:31:10 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:10:42 UTC