
Fwd: [Moderator Action] Re: [Ietf-http-auth] Clients desiring to authenticate

From: Jim Whitehead <ejw@soe.ucsc.edu>
Date: Thu, 5 Jan 2006 11:24:57 -0800
To: webdav WG <w3c-dist-auth@w3.org>
Message-Id: <A8678D88-7AE8-43A4-A869-EB7894B83CAF@cs.ucsc.edu>
FYI.
- Jim

Begin forwarded message:

> From: Nicolas Williams <Nicolas.Williams@sun.com>
> Date: January 5, 2006 11:10:19 AM PST
> To: Lisa Dusseault <lisa@osafoundation.org>
> Cc: Joe Orton <joe@manyfish.co.uk>, HTTP authentication list <ietf-http-auth@osafoundation.org>, webdav WG <w3c-dist-auth@w3.org>
> Subject: [Moderator Action] Re: [Ietf-http-auth] Clients desiring to authenticate
>
> On Thu, Jan 05, 2006 at 10:33:13AM -0800, Lisa Dusseault wrote:
>> I do agree both of the approaches outlined in the current appendix are
>> hacks.  We had previously specified a non-hack approach -- a
>> "Force-Authentication" request header flag that indicated the client
>> might have authorization information which it could provide if only the
>> server sent a challenge.
>
> It's not necessarily easy for the server to know that a client would
> have more access were it to authenticate (at all, differently), though
> it's safe to assume that it might.
>
> I think this is the identity selection problem, which I did not think
> this list was intended to tackle.
>
> Nico
> -- 
Received on Thursday, 5 January 2006 19:25:03 GMT
