W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 2001

Re: Digest Authentication

From: Alan Kent <ajk@mds.rmit.edu.au>
Date: Wed, 17 Oct 2001 10:06:49 +1000
To: WebDAV <w3c-dist-auth@w3.org>
Message-ID: <20011017100649.A23619@io.mds.rmit.edu.au>
Just thought I would add my 2 cents (oh, given Australian/US currency
conversion that might only be 1 cent :-) and say that our product is
unable to implement digest authentication for reasons similar to
those put forward by others.

Our product has to work in a range of different environments where
there are existing authentication mechanisms out of our control.
We cannot even guarantee that a user name and password will be
available for authentication! (One site uses SSL certificates only).
There is no way we can ask for plain text passwords. And there is
usually no way we can access even an encrypted version of it because
the supplied API does not permit it and its to hard for the customer
to change their security infrastructure just for us.

Bottom line is that I think that WebDAV does not need to specify
a security scheme - it can just say to use normal HTTP security
methods. It seems like an orthogonal issue to WebDAV to me.

Alan
Received on Tuesday, 16 October 2001 20:07:22 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:58 GMT