W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2010

Re: Issue 141: "should we have an auth scheme registry"

From: Julian Reschke <julian.reschke@gmx.de>
Date: Tue, 28 Sep 2010 18:00:26 +0200
Message-ID: <4CA2111A.1070600@gmx.de>
To: Cyrus Daboo <cyrus@daboo.name>
CC: HTTP Working Group <ietf-http-wg@w3.org>
On 28.09.2010 17:37, Cyrus Daboo wrote:
> ...
>> SASL has a different registration requirements for single names and
>> family of names; when you register a family of names you essentially
>> delegate a part of the space of names to another spec -- do we really
>> want that?
>
> Take a look at
> <http://tools.ietf.org/id/draft-johansson-http-gss-05.txt> which
> actually tried to define an HTTP auth registry. Whilst that has expired,
> I think there still might be interest in pursuing it.
> ...

As far as I can tell, this didn't try to define a generic registry...

Anyway: if there's a "family" of schemes, defined by the same 
specification, wouldn't it make more sense to have a single scheme name, 
and then dispatch depending on a scheme parameter instead?

So instead of

   WWW-Authenticate: FOO-BAR realm="realm"

one would use

   WWW-Authenticate: FOO realm="realm" type="BAR"

?

This would simplify the registry dramatically.

Best regards, Julian
Received on Tuesday, 28 September 2010 16:27:45 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:25 GMT