W3C home > Mailing lists > Public > public-forms@w3.org > April 2007

Issue on authentication in yesterday's telecon

From: Rafael Benito <rbenito@satec.es>
Date: Thu, 19 Apr 2007 11:06:41 +0200
To: <public-forms@w3.org>
Message-ID: <002401c78262$0b4c63b0$1023a4d5@int.satec.es>

Hi all,

some comments on yesterday's issue about http authentication.

This authrentication is triggered by the server returning a 401 message
(Unauthorized) to the browser when a server resource is protected and
session credentials are not sent in the request by the browser. The
authentication method in the header (WWW-Authenticate) can be "Basic" or

Then, the browser sends user and pasword to the server. In case "digest" is
requested, the password is hashed with MD5. I am not sure whether other hash
functions are allowed. Otherwise, the user and password are Base-64 encoded.

The server checks the authorization of the user and proceeds normally if
everything is OK or returns a 401 message if it fails.

IMO, this process does not require any additional markup in the XForms spec.
It should be all internally handled by the submission module.

A different issue is whether the spec should state that this authentication
methods have to be supported by the submission module.

The same issue could be extended to authentication with digital certificate
within the SSL protocol. Furthermore, proxy authentication could also be


Rafael Benito Ruíz de Villa
Director Area e-business
Móvil (+34) 617 314 293

MADRID <http://www.satec.es> 
Avda. Europa, 34 A
28023 Aravaca
Telf.: (+34) 91 708 90 00 / 91 211 03 00
Fax: (+34) 91 708 90 90 / 91 211 03 90

(image/gif attachment: Logo_sistemas.gif)

(image/gif attachment: logosatecwww2.gif)

Received on Thursday, 19 April 2007 09:06:44 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:13:49 UTC