
Re: WG Review: Recharter of Hypertext Transfer Protocol Bis (httpbis)

From: Henrik Nordström <henrik@henriknordstrom.net>
Date: Wed, 29 Feb 2012 20:19:32 +0100
Message-ID: <1330543172.24673.7.camel@home.hno.se>
To: Julian Reschke <julian.reschke@gmx.de>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, mnot@mnot.net, iesg@ietf.org, ietf-http-wg@w3.org, IETF-Discussion <ietf@ietf.org>
On Tue 2012-02-21 at 19:50 +0100, Julian Reschke wrote:
> Well, we have an existing authentication framework. It would be 
> interesting to find out what's missing from it.

My take is better secure authentication schemes (not plaintext password
based) which are cleanly specified to a level that implementations
actually interop properly, and the ability for site owners (and proxies)
to influence how the login process is presented to users in a safe
manner that does not collide with perceived https security or make a mess
for machine<->machine communication not involving humans.

The existing HTTP auth framework works in general very well for
machine<->machine. 

This said, I have used HTTP Digest authentication quite successfully (but
with a number of interop workarounds) with non-tech users using the
default login box, only providing a good error response message seen if
the user cancels or fails the login.

Regards
Henrik
Received on Wednesday, 29 February 2012 19:20:10 GMT