- From: Matt Timmermans <mtimmerm@opentext.com>
- Date: Tue, 23 Oct 2001 19:05:19 -0400
- To: "'Jim Whitehead'" <ejw@cse.ucsc.edu>, "'Dylan Barrell'" <dbarrell@opentext.com>, "'WebDAV'" <w3c-dist-auth@w3.org>
I'm happy with Basic over SSL. If you want security over the Web, you might as well use SSL. Most of our intranet customers would probably prefer NTLM. For parts of the intranet that don't require security, Basic suffices. I'm not sure that really secure authentication without SSL is even a requirement, but if you want it, then there are several alternative public key technologies that do just fine. While any organization might choose one of these, they are not without IP issues, as you've noted. Without public key techniques, there is a limit on how secure authentication can be. Digest doesn't meet that limit, because it's possible to require eavesdropping on an authentication session _and_ access to the server's stored password information, before it's possible to impersonate a user. I don't know of any standard scheme like this, though, and I don't know if there's a need for one. > -----Original Message----- > From: w3c-dist-auth-request@w3.org > [mailto:w3c-dist-auth-request@w3.org]On Behalf Of Jim Whitehead > Sent: Tuesday, October 23, 2001 6:20 PM > To: Dylan Barrell; mtimmerm@opentext.com; 'WebDAV' > Subject: RE: Digest Authentication > > > Dylan, Matt, others: Out of curiosity, what authentication > options do you > consider to be good enough to meet your requirements? > > - Jim
Received on Tuesday, 23 October 2001 19:06:27 UTC