W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2012

Re: draft-montenegro-httpbis-multilegged-auth-01

From: Alexey Melnikov <alexey.melnikov@isode.com>
Date: Fri, 13 Jul 2012 19:41:32 +0100
Message-ID: <50006BDC.4020200@isode.com>
To: Nico Williams <nico@cryptonector.com>
CC: HTTP Working Group <ietf-http-wg@w3.org>
On 10/07/2012 18:45, Nico Williams wrote:
> On Tue, Jul 10, 2012 at 11:32 AM, Alexey Melnikov
> <alexey.melnikov@isode.com> wrote:
>> You REST-GSS approach has some benefits over currently existing web
>> authentication, so I am looking forward to discussing with the WG whether
>> this should be the basis for all future web authentication mechanisms.
> Thanks.  I may be biased but I tend to agree :)
>
> What benefits do you see?

You use existing HTTP features, so hopefully that would be easier to 
implement than extensions to existing HTTP authentication framework.

There is also a benefit for not reusing WWW-Authenticate/Authorisation 
headers for multileg authentication, because it is not entirely clear 
how existing clients would handle unrecognized authentication 
mechanisms. So not needing to deal with backward compatibility might be 
a plus.
Received on Friday, 13 July 2012 18:41:26 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 13 July 2012 18:41:32 GMT