W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2009

RE: Backwards definition of authentication header

From: Eran Hammer-Lahav <eran@hueniverse.com>
Date: Fri, 4 Dec 2009 10:22:19 -0700
To: Thomas Maslen <Thomas.Maslen@quest.com>, Julian Reschke <julian.reschke@gmx.de>
CC: "HTTP Working Group (ietf-http-wg@w3.org)" <ietf-http-wg@w3.org>
Message-ID: <90C41DD21FB7C64BB94121FBBC2E7234378529362E@P3PW5EX1MB01.EX1.SECURESERVER.NET>
Is there a list somewhere of all existing HTTP auth schemes and their specifications?

EHL

> -----Original Message-----
> From: Thomas Maslen [mailto:Thomas.Maslen@quest.com]
> Sent: Friday, December 04, 2009 9:04 AM
> To: Eran Hammer-Lahav; Julian Reschke
> Cc: HTTP Working Group (ietf-http-wg@w3.org)
> Subject: RE: Backwards definition of authentication header
> 
> [...]
> >> Is there anything *except* for the broken ABNF with respect to Basic
> >> that makes you think the definition isn't binding?
> >
> > No. But since Basic is 50% of 2617, it is a pretty big exception...
> > :-)
> 
> For what it's worth, the "Negotiate" and :"NTLM" auth schemes are like Basic
> inasmuch as they just have the scheme name followed by a Base64 blob.
> 
> (Perhaps schemes such as Digest that actually satisfy the ABNF are in the
> minority?)
Received on Friday, 4 December 2009 17:22:39 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:14 GMT