- From: Alexey Melnikov <alexey.melnikov@isode.com>
- Date: Mon, 02 Jul 2007 12:22:18 +0100
- To: Henrik Nordstrom <henrik@henriknordstrom.net>
- CC: Julian Reschke <julian.reschke@gmx.de>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Henrik Nordstrom wrote: >tor 2007-06-07 klockan 18:18 +0200 skrev Julian Reschke: > > >>BTW: does the framework really require fixing? >> >> >Not really imho. It's an extensible negotiable framework for message >based authentication with no dependencies on how such authentication is >implemented besides it being message based to fit in the message >structure of HTTP. > > I don't think that the framework itself is broken. But one thing that needs to clarified is that authentication exchange using a new authentication mechanism X can use more than 1 roundtrip and use the same HTTP header for each authentication step. Many existing implementations are designed to expect data from the second round trip in another header (like in Digest).
Received on Monday, 2 July 2007 12:39:11 UTC