W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2008

RE: Security Requirements for HTTP, draft -00

From: Paul Leach <paulle@windows.microsoft.com>
Date: Fri, 1 Feb 2008 14:39:28 -0800
To: "Roy T. Fielding" <fielding@gbiv.com>, Paul Hoffman <paul.hoffman@vpnc.org>
CC: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <920B8B05FB49A04699188E04302FE87D592D2BAFAC@NA-EXMSG-W602.wingroup.windeploy.ntdev.microsoft.com>



-----Original Message-----
From: ietf-http-wg-request@w3.org [mailto:ietf-http-wg-request@w3.org] On Behalf Of Roy T. Fielding
Sent: Friday, February 01, 2008 12:51 PM
To: Paul Hoffman
Cc: HTTP Working Group

>
> Number of requests per day.

Not even close.  Regular old HTTP authentication requests outnumber
browser-driven forms-based use of the Web (on a per request basis)
by an order of magnitude.
[Paul Leach] Are you taking into account that, after an FBA, subsequent requests to the same site are authorized by a cookie (i.e., they have no auth headers at all), whereas with Basic every request has an auth header? If not, your statement could be strictly speaking correct, but you'd be using a metric that's different than what other people have in mind as being on a "per request basis".
Received on Friday, 1 February 2008 22:39:56 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:36 GMT