W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > April to June 2000

RE: Passwords and WebDAV

From: Kevin Dyer <kevin.dyer@matrix-one.com>
Date: Fri, 26 May 2000 07:56:27 -0400
To: "Greg Stein" <gstein@lyra.org>, "Dan Burton" <DPBURTON@novell.com>
Cc: <w3c-dist-auth@w3.org>
Message-ID: <NEBBKLMONKKHDPLAGAGMCENOCAAA.kevin.dyer@matrixone.com>


> -----Original Message-----
> From: w3c-dist-auth-request@w3.org
> [mailto:w3c-dist-auth-request@w3.org]On Behalf Of Greg Stein
> Sent: Thursday, May 25, 2000 7:44 PM
> To: Dan Burton
> Cc: <
> Subject: Re: Passwords and WebDAV
> 
> 
> IMO, changing passwords is out-of-scope of WebDAV.  There are too many

Changing passwords may be out-of-scope but providing a return code 
mechanism for revoking credentials, or to inform the user that their 
password/temporary password must be renewed is not.  About a year and a 
half ago I made a suggestion to the HTTP-WG that we add a return code
or set of return codes to do just that.  Provide a mechanism to the
underlying authentication and authorization systems that allows the
system to notify it's users in a standardized manner that something 
needs to be addressed.  The suggestion was tabled due to the timing
and where 1.1 was in the loop.

As Dan points out most of the new clients that are interfacing with
a WebDAV server are not browsers so they are incapable of displaying
HTML pages. So what do we put into the protocol to allow such 
interoperability?

> authentication systems and mechanisms out there, with too many variant
> requirements for changing passwords.
> 
> While it would certainly be possible to create an HTTP-based protocol for
> changing passwords, that seems to be an issue between the client and the
> authentication system (which is probably separate from the web server).
> 
> YMMV
> 
> Cheers,
> -g
> 
> On Thu, 25 May 2000, Dan Burton wrote:
> > This may be an issue that has scope beyond WebDAV, however the
> > problems we are having are WebDAV related. Also I believe this is an
> > issue that is more important to WebDAV then it is to the http protocol
> > in general.
> > 
> > We need to have the ability to expire passwords to force users to
> > change passwords. When a users password is expired they are given a
[snip Dan's description of non-browser interactions]
> > It seems to me that this could be something the WebDAV group could
> > address. Maybe an addition to WebDAV that allows for notification that
> > the users account needs to be updated (password changed) and a method
> > of changing updating user account information.
> > 
Received on Friday, 26 May 2000 07:57:32 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:54 GMT