- From: Albert Lunde <atlunde@panix.com>
- Date: Wed, 17 Jul 2013 06:04:51 -0500
- To: ietf-http-wg@w3.org
One area of previous work that may be relevant is Web-Single-Signon systems. These tend to rely on some unattractive mix of JavaScript, cookies, and other gimmicks to complete the authentication exchange, but they are representative of what people have tried to layer on top of HTTP/1.1 to replace Basic auth, and provide sessions of a sort. Shibboleth and CAS are notable examples using SAML and Kerberos respectively. It seems like there are use cases to delegate authentication to a trusted third-party and/or maintain sessions. There may be some mechanisms that HTTP/2.0 could support to make this easier, but it's a different question than just the framework used by Basic and Digest auth.
Received on Wednesday, 17 July 2013 11:05:12 UTC