W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > April to June 2000

RE: Passwords and WebDAV

From: Jim Whitehead <ejw@ics.uci.edu>
Date: Thu, 1 Jun 2000 15:21:21 -0700
To: Dan Burton <DPBURTON@novell.com>, WebDAV WG <w3c-dist-auth@w3.org>
Message-ID: <NDBBIKLAGLCOPGKGADOJOEIODEAA.ejw@ics.uci.edu>
Hmm, well I can see how this is an important deployment issue. I think the
problem of notifying the user that their password has expired would be
easier than providing a password modification protocol.

It seems to be this problem isn't inherent to authoring -- regular Web
access could run into this problem as well.  For example, if my subscription
to an online magazine, or digital library runs out, I might want to receive
a message as well.  But, authoring certainly does bring in clients that do
not have HTML rendering capability.

I think the best way to address this would be for someone to volunteer to
write up an Internet Draft describing a new status code, and its meaning, to
cover the password expiration, and password refresh cases.  I think it
should scrupulously avoid functionality that would allow a user to reset
their password, unless it involved returning the URL of a Web page that
would allow the password to be reset.

But, this wouldn't affect existing WebDAV clients fast enough to affect your
current situation -- for that, one option is to use email as a notification
service, telling users their passwords have expired.

- Jim


> In my original message I said this may be out of the scope of
> WebDAV, but now I think it is critical to WebDAV. We a currently
> working on this issue with a large customer. With a normal HTTP
> client (one that renders html) it is possible to solve the
> expired password problem. However, with WebDAV clients there
> currently is no way to solve this problem. This is currently THE
> issue that is preventing the adoption of WebDAV for this
> customer. If we want to have people use the WebDAV protocol we
> have to be willing to solve problems like this one.
Received on Thursday, 1 June 2000 18:24:05 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:54 GMT