Chris Patterson wrote: > There is no reason some kind of authentication method to identify > "registered" users couldn't be used in the PICS HTTP request. It would > probably require some kind of public/private key system (Cookies? PGP? SSL?) > -- HTTP's "basic" authentication method wouldn't cut it. But whatever method > was agreed upon would need to be implemented in the PICS clients. Would digest authentication[1] cut it? i.e. do you really need public key stuff, or are you just trying to avoid passwords-in-the-clear? Hmm... your mention of SSL reminds me that confidentiality might be important... [1] "HTTP Authentication: Basic and Digest Access Authentication", J. Franks, P. Hallam-Baker, J. Hostetler, P. Leach, A. Luotonen, E. Sink, L. Stewart, S. Lawrence, 11 Sep 1998. http://www.ics.uci.edu/pub/ietf/http/draft-ietf-http-authentication-03.txt see also: Dec 16, 1998: Jose Kahan announces client-side Digest Authentication implementation in libwww - try it out! -- http://www.w3.org/Protocols/ -- Dan Connolly, W3C http://www.w3.org/People/Connolly/ tel:+1-512-310-2971 (office, mobile) mailto:connolly.pager@w3.org (put your tel# in the Subject:)Received on Thursday, 8 April 1999 15:50:29 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 06:30:07 GMT