W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 2005

Re: [Bug 18] no record of consensus for force-authenticate

From: Stefan Eissing <stefan.eissing@greenbytes.de>
Date: Wed, 2 Nov 2005 20:47:59 +0100
Message-Id: <b9067abff5b7f4803cbc3a2dfb68a86c@greenbytes.de>
To: 'webdav' WG <w3c-dist-auth@w3.org>

> Am 31.10.2005 um 17:52 schrieb Jim Luther:
>
>>
>> On Oct 29, 2005, at 1:22 AM, Julian Reschke wrote:
>>
>>>> More generally, it's not actually a WebDAV problem alone. If a 
>>>> client does a GET to a dynamically generated page, they could 
>>>> easily see different results based on whether they're authenticated 
>>>> or not. Since browsers today often cache authentication 
>>>> information, this means that the browser could inform the server 
>>>> that they'd like the challenge to save the user the step of first 
>>>> going to the site, seeing the anonymous page version, then choosing 
>>>> to login. Of course some sites use cookies for this but cookies are 
>>>> sometimes disabled, expired, etc.
>>>
>>> In which case I would recommend to
>>>
>>> - update Jim's description of the problem accordingly and
>>>
>>> - do this in a separate draft, optimally discussed on the HTTP WG's 
>>> mailing list.
>>
>> I agree with those who have said this is not a WebDAV specific issue. 
>> It should be discussed as a separate HTTP issue.	

+1.

Stefan
Received on Wednesday, 2 November 2005 19:48:18 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:44:11 GMT