- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Fri, 1 Feb 2008 12:50:43 -0800
- To: Paul Hoffman <paul.hoffman@vpnc.org>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
On Jan 28, 2008, at 1:46 PM, Paul Hoffman wrote: > At 10:27 PM +0100 1/28/08, Stephane Bortzmeyer wrote: >> On Mon, Jan 28, 2008 at 08:47:46AM -0800, >> Paul Hoffman <paul.hoffman@vpnc.org> wrote >> a message of 59 lines which said: >> >>> I strongly suspect that if you add up all the authentications done >>> on every HTTP server in the world today, forms+cookies+people would >>> win over ((nonforms+people) + (nonforms+nonpeople)). >> >> May be, it depends on the metrics you use :-) Number of >> installations, >> number of requests per day, number of US $ processed ? :-) > > Number of requests per day. Not even close. Regular old HTTP authentication requests outnumber browser-driven forms-based use of the Web (on a per request basis) by an order of magnitude. That's how a lot of services obtain the news, feeds, stock ticks, catalog updates, price quotes, and shipping calculations that eventually make it into a single shopping site's user-oriented page with cookies. The opinions stated in the draft are wrong and do nothing but obscure the mechanisms that are supposed to be described. I suggest you remove them and rely more on actual examples of authentication as used in HTTP. A lot of the stuff heard at an IETF meeting is simply old wives tales retold by folks who don't build application services, let alone the services that use HTTP. They should not be relied upon for this draft. ....Roy
Received on Friday, 1 February 2008 20:50:34 UTC