- From: Alan Kent <ajk@mds.rmit.edu.au>
- Date: Fri, 2 Nov 2001 13:52:54 +1100
- To: w3c-dist-auth@w3.org

On Thu, Nov 01, 2001 at 05:52:37PM -0800, Jim Whitehead wrote:
> * Basic MUST NOT be used unless the connection is secure. Secure is defined
> to be TLS over the Internet, a physically secure network, or a network
> behind a well-administered firewall.
>
> Client requirements: MUST support Basic, SSL/TLS support is STRONGLY
> RECOMMENDED
> Server requirements: SHOULD support Basic, SSL/TLS support is STRONGLY
> RECOMMENDED
>
> * Digest SHOULD be used when the connection is insecure, such as a non-TLS
> connection over the Internet.
>
> Client requirements: MUST support Digest
> Server requirements: SHOULD support Digest, but it is acceptable for Digest
> authentication to be disabled by default. It SHOULD be possible for an
> administrator to configure a server to use Digest.
>
> * Additional authentication schemes beyond Basic and Digest MAY be
> supported, whether or not described in an IETF specification. Implementors
> should be aware that use of other authentication schemes guarantees some
> level of non-interoperation of that authentication scheme, since all WebDAV
> clients and servers cannot be expected to support that authentication
> scheme.
>
> * Finally, to guarantee some level of authentication will be possible: a
> server MUST at minimum support either Basic OR Digest. A server SHOULD
> support Basic AND Digest.

...

> Comments?
>
> - Jim

Sounds good to me.

Alan

Received on Thursday, 1 November 2001 21:53:46 UTC