
Re: WG Review: Recharter of Hypertext Transfer Protocol Bis (httpbis)

From: Henrik Nordström <henrik@henriknordstrom.net>
Date: Thu, 01 Mar 2012 01:58:43 +0100
Message-ID: <1330563523.24673.202.camel@home.hno.se>
To: Adrien de Croy <adrien@qbik.com>
Cc: ietf-http-wg@w3.org

Thu 2012-03-01 at 13:13 +1300, Adrien de Croy wrote:
> 
> NTLM could be made non-connection-oriented if http auth had some sort of 
> context attribute that identified the auth conversation (in both 
> challenges and responses), instead of having to associate it with the 
> connection.

Yes.

It also would have been quite trivial for NTLM/Negotiate to use a hashed
session cookie similar to how Digest operates. NTLM has shared secrets
only known to client & server.

Which is again the question of whether the auth framework should have some
kind of session concept, or if that belongs in the auth scheme.

Regards
Henrik
Received on Thursday, 1 March 2012 00:59:11 GMT
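
The context-attribute idea discussed in this message, as an added sketch that is not part of the original post or of any HTTP auth specification: a two-leg challenge/response whose server state is keyed by a context value instead of by the connection. The `context` field, the class and function names, and the HMAC-SHA256 exchange standing in for NTLM are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample credential store (user -> shared secret), for illustration only.
USERS = {"alice": b"correct horse"}


def client_response(secret, nonce):
    """Client side: prove knowledge of the shared secret for this nonce."""
    return hmac.new(secret, nonce.encode(), hashlib.sha256).hexdigest()


class AuthServer:
    """Tracks multi-leg auth conversations by context id, not by connection."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # server-only key that tags context ids
        self._pending = {}                   # context id -> outstanding nonce

    def _tag(self, ctx):
        # Keyed hash over the id, so forged ids are rejected before touching state.
        return hmac.new(self._key, ctx.encode(), hashlib.sha256).hexdigest()[:32]

    def challenge(self):
        """Leg 1: issue a nonce plus the (hypothetical) context attribute."""
        ctx = secrets.token_hex(16)
        nonce = secrets.token_hex(16)
        self._pending[ctx] = nonce
        return {"context": f"{ctx}.{self._tag(ctx)}", "nonce": nonce}

    def verify(self, context, user, response):
        """Leg 2: may arrive on any connection; the context locates the state."""
        ctx, _, tag = context.partition(".")
        if not hmac.compare_digest(tag.encode(), self._tag(ctx).encode()):
            return False                      # forged or corrupted context
        nonce = self._pending.pop(ctx, None)  # single use: a replay finds nothing
        secret = USERS.get(user)
        if nonce is None or secret is None:
            return False
        expected = client_response(secret, nonce)
        return hmac.compare_digest(response.encode(), expected.encode())
```

Because the pending nonce is removed on the first verification attempt, a captured leg-2 message replayed on another connection fails even though the context value itself is valid.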
