- From: Jim Whitehead <ejw@soe.ucsc.edu>
- Date: Thu, 5 Jan 2006 11:24:57 -0800
- To: webdav WG <w3c-dist-auth@w3.org>
- Message-Id: <A8678D88-7AE8-43A4-A869-EB7894B83CAF@cs.ucsc.edu>
FYI. - Jim Begin forwarded message: > From: Nicolas Williams <Nicolas.Williams@sun.com> > Date: January 5, 2006 11:10:19 AM PST > To: Lisa Dusseault <lisa@osafoundation.org> > Cc: Joe Orton <joe@manyfish.co.uk>, HTTP authentication list <ietf- > http-auth@osafoundation.org>, webdav WG <w3c-dist-auth@w3.org> > Subject: [Moderator Action] Re: [Ietf-http-auth] Clients desiring > to authenticate > > > > On Thu, Jan 05, 2006 at 10:33:13AM -0800, Lisa Dusseault wrote: >> I do agree both of the approaches outlined in the current appendix >> are >> hacks. We had previously specified a non-hack approach -- a >> "Force-Authentication" request header flag that indicated the client >> might have authorization information which it could provide if >> only the >> server sent a challenge. > > It's not necessarily easy for the server to know that a client would > have more access were it to authenticate (at all, differently), though > it's safe to assume that it might. > > I think this is the identity selection problem, which I did not think > this list was intended to tackle. > > Nico > --
Received on Thursday, 5 January 2006 19:25:03 UTC