W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > April to June 2000

RE: Passwords and WebDAV

From: Dan Burton <DPBURTON@novell.com>
Date: Thu, 01 Jun 2000 09:14:09 -0600
Message-Id: <s9362966.012@prv-mail20.provo.novell.com>
To: "<"<w3c-dist-auth@w3.org>
In my original message I said this may be out of the scope of WebDAV, but now I think it is critical to WebDAV. We a currently working on this issue with a large customer. With a normal HTTP client (one that renders html) it is possible to solve the expired password problem. However, with WebDAV clients there currently is no way to solve this problem. This is currently THE issue that is preventing the adoption of WebDAV for this customer. If we want to have people use the WebDAV protocol we have to be willing to solve problems like this one.

>>> "Kevin Dyer" <kevin.dyer@matrix-one.com> 05/26/00 05:56AM >>>
Changing passwords may be out-of-scope but providing a return code 
mechanism for revoking credentials, or to inform the user that their 
password/temporary password must be renewed is not.  About a year and a 
half ago I made a suggestion to the HTTP-WG that we add a return code
or set of return codes to do just that.  Provide a mechanism to the
underlying authentication and authorization systems that allows the
system to notify it's users in a standardized manner that something 
needs to be addressed.  The suggestion was tabled due to the timing
and where 1.1 was in the loop.

As Dan points out most of the new clients that are interfacing with
a WebDAV server are not browsers so they are incapable of displaying
HTML pages. So what do we put into the protocol to allow such 
interoperability?
Received on Thursday, 1 June 2000 11:22:14 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:54 GMT