
RE: Backwards definition of authentication header

From: Eran Hammer-Lahav <eran@hueniverse.com>
Date: Fri, 4 Dec 2009 11:24:48 -0700
To: Thomas Maslen <Thomas.Maslen@quest.com>, Julian Reschke <julian.reschke@gmx.de>
CC: "HTTP Working Group (ietf-http-wg@w3.org)" <ietf-http-wg@w3.org>
Message-ID: <90C41DD21FB7C64BB94121FBBC2E72343785293686@P3PW5EX1MB01.EX1.SECURESERVER.NET>

This is a useful resource:

http://code.google.com/p/browsersec/wiki/Part3#HTTP_authentication

EHL

> -----Original Message-----
> From: Eran Hammer-Lahav
> Sent: Friday, December 04, 2009 9:22 AM
> To: 'Thomas Maslen'; Julian Reschke
> Cc: HTTP Working Group (ietf-http-wg@w3.org)
> Subject: RE: Backwards definition of authentication header
> 
> Is there a list somewhere of all existing HTTP auth schemes and their
> specifications?
> 
> EHL
> 
> > -----Original Message-----
> > From: Thomas Maslen [mailto:Thomas.Maslen@quest.com]
> > Sent: Friday, December 04, 2009 9:04 AM
> > To: Eran Hammer-Lahav; Julian Reschke
> > Cc: HTTP Working Group (ietf-http-wg@w3.org)
> > Subject: RE: Backwards definition of authentication header
> >
> > [...]
> > >> Is there anything *except* for the broken ABNF with respect to
> > >> Basic that makes you think the definition isn't binding?
> > >
> > > No. But since Basic is 50% of 2617, it is a pretty big exception...
> > > :-)
> >
> > For what it's worth, the "Negotiate" and "NTLM" auth schemes are like
> > Basic inasmuch as they just have the scheme name followed by a Base64
> > blob.
> >
> > (Perhaps schemes such as Digest that actually satisfy the ABNF are in
> > the minority?)
Received on Friday, 4 December 2009 18:25:04 GMT
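
Added example, not part of the original thread or written by its participants: a small classifier showing the split discussed above, where Digest credentials fit the RFC 2617 auth-param list (token "=" token or quoted-string) while Basic, NTLM and Negotiate carry a bare Base64 blob that the same grammar rejects. The function names and the sample header values are constructed for illustration.

```python
import re

# RFC 2616 token characters; RFC 2617 auth-param = token "=" ( token | quoted-string )
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\]|\\.)*"'
AUTH_PARAM = re.compile(rf"\s*({TOKEN})\s*=\s*({TOKEN}|{QUOTED})\s*(?:,|$)")
# Base64 alphabet with optional padding: the form Basic, NTLM and Negotiate send
BLOB = re.compile(r"[A-Za-z0-9+/]+={0,2}$")

def parse_auth_params(rest):
    """Return a dict if `rest` is a comma-separated auth-param list, else None."""
    params, pos = {}, 0
    while pos < len(rest):
        m = AUTH_PARAM.match(rest, pos)
        if not m:
            return None
        value = m.group(2)
        if value.startswith('"'):
            value = re.sub(r"\\(.)", r"\1", value[1:-1])  # undo quoted-pair escapes
        params[m.group(1).lower()] = value
        pos = m.end()
    return params or None

def classify(header_value):
    """Return (kind, scheme, payload); kind is 'params', 'blob' or 'invalid'."""
    scheme, _, rest = header_value.strip().partition(" ")
    rest = rest.strip()
    params = parse_auth_params(rest)
    if params is not None:
        return ("params", scheme, params)
    if BLOB.match(rest):
        return ("blob", scheme, rest)
    return ("invalid", scheme, rest)

# Constructed sample header values (not taken from the thread)
SAMPLES = [
    'Digest username="Mufasa", realm="example", nonce="n1", uri="/dir/index.html"',
    "Basic dXNlcjpwYXNz",          # base64 of "user:pass"
    "NTLM TlRMTVNTUAABAAAA",       # constructed blob
    "Basic not base64!",
]

if __name__ == "__main__":
    for s in SAMPLES:
        kind, scheme, _ = classify(s)
        print(f"{scheme:8} -> {kind}")
```

A header parser or logging filter that assumes every scheme follows the auth-param form will drop or mangle the blob schemes, so the fallback branch has to be explicit.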
