W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: Reuse of credentials per realm, was: SECDIR review of draft-ietf-httpbis-p7-auth-24

From: Julian Reschke <julian.reschke@gmx.de>
Date: Wed, 30 Oct 2013 18:59:20 +0100
Message-ID: <527148F8.4050909@gmx.de>
To: Stephen Kent <kent@bbn.com>, secdir <secdir@ietf.org>, fielding@gbiv.com, mnot@pobox.com, Barry Leiba <barryleiba@computer.org>, Pete Resnick <presnick@qti.qualcomm.com>, "Mankin, Allison" <amankin@verisign.com>, HTTP Working Group <ietf-http-wg@w3.org>
On 2013-10-30 17:51, Stephen Kent wrote:
> Julian,
>
> Since, as you note, the server ultimately accepts or rejects the
> credentials,
> it was not clear under what circumstances "user preferences" are a valid
> factor
> in deciding when to stop using the same set of credentials. If you could
> elaborate
> that would be useful.

Well, that text was written 14 years ago, so I really don't know exactly 
what the authors had in mind.

That being said, here's an example: a user pref defining how long 
credentials can be sent after a certain time of inactivity.

Best regards, Julian
Received on Wednesday, 30 October 2013 17:59:51 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC