W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2010

Re: Past Proposals for HTTP Auth Logout

From: Julian Reschke <julian.reschke@gmx.de>
Date: Wed, 13 Jan 2010 14:55:40 +0100
Message-ID: <4B4DD0DC.1090708@gmx.de>
To: Robert Sayre <sayrer@gmail.com>
CC: Tim <tim-projects@sentinelchicken.org>, ietf-http-wg@w3.org
Robert Sayre wrote:
> On Thu, Jan 7, 2010 at 1:24 PM, Tim <tim-projects@sentinelchicken.org> wrote:
>> I appologize in advance if this is not an appropriate place to ask
>> this question.
> 
> Feel free to ask questions, but this group is not chartered to add
> features to HTTP authentication schemes. The charter is here:
> 
> <http://www.ietf.org/dyn/wg/charter/httpbis-charter.html>

Yes.

>> I'm doing some research and I'm interested in learning about any past
>> proposals to augment HTTP authentication (basic/digest) with a logout
>> feature.
> 
> That would address one shortcoming of those schemes, but they both
> have more fundamental problems. See
> 
> <http://tools.ietf.org/html/draft-ietf-httpbis-security-properties-03#section-2.2>

True as well. But that being said: just because there are many problems 
to solve doesn't mean we shouldn't try one at a time (if (!) it's 
possible to both specify the solutions and deploy them).

BR, Julian
Received on Wednesday, 13 January 2010 13:56:18 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:16 GMT