W3C home > Mailing lists > Public > pics-interest@w3.org > April 1999

Re: Publically available PICS Label Bureau for RDF migration testbed?

From: Chris Patterson <chris@maxum.com>
Date: Thu, 08 Apr 1999 16:22:57 -0500
To: Dan Connolly <connolly@w3.org>
CC: pics-interest@w3.org
Message-ID: <1288536860-89527347@maxum.com>
> Chris Patterson wrote:
>> There is no reason some kind of authentication method to identify
>> "registered" users couldn't be used in the PICS HTTP request. It would
>> probably require some kind of public/private key system (Cookies? PGP? SSL?)
>> -- HTTP's "basic" authentication method wouldn't cut it. But whatever method
>> was agreed upon would need to be implemented in the PICS clients.
>
> Would digest authentication[1] cut it?
> i.e. do you really need public key stuff, or are you
> just trying to avoid passwords-in-the-clear?
>
> Hmm... your mention of SSL reminds me that confidentiality
> might be important...

Digest authentication seems like it would do the trick, if the PICS label
bureau used "single-use" nonce values to ensure that each and every hit (for
which a charge could be assessed) is properly authenticated. Right?

=====================================================
Chris Patterson                       chris@maxum.com
Maxum Development Corp.          http://www.maxum.com

          "Tao?" "Nah, I prefer to drip-dry."
=====================================================
Received on Thursday, 8 April 1999 17:21:22 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 06:30:07 GMT