
RE: Interop issue: how can clients force authentication?

From: Jason Crawford <nn683849@smallcue.com>
Date: Sun, 22 Sep 2002 22:37:14 -0400
To: "Dyer, Kevin" <kevin.dyer@matrixone.com>
Cc: "'Clemm, Geoff'" <gclemm@Rational.Com>, Webdav WG <w3c-dist-auth@w3c.org>
Message-ID: <OF8B93DAB0.CFBF8DFF-ON85256C3D.000D6AA0@us.ibm.com>




> With this as the problem statement, I believe that we need to look outside of
> our own protocol here and take a look at one or more protocols that only deal
> with the authentication and authorization of users and systems. Why does WebDAV
> have to come up with the whole package themselves? If we look at the SAML
> specifications for a moment, it provides the ability to request from a server
> what a particular user is asking for and get back a complete answer. Yes, it is
> another call but the user is guaranteed to have a complete answer as to
> authentication and authorization across a large circle of influence. By
> adopting SAML as the back-end mechanism we will also pick up a true single
> sign-on capability for WebDAV, something we've talked about and alluded to but
> have not considered it in the RFC.
>
> Comments, rocks, bottles, or stones?

SAML is probably pretty good, but our needs appear to be minimal (or less) and
as you can see from Geoff's posting, providing that capability in some form would
probably be trivial. That doesn't mean that clients shouldn't/can't use SAML. They
can if they want. But it's not something that is generally required to achieve the
WebDAV functionality and interoperability, at least not for
this problem, so it probably doesn't need to go in the base WebDAV spec.

Received on Sunday, 22 September 2002 23:52:04 GMT
