W3C home > Mailing lists > Public > www-talk@w3.org > July to August 1995

Re: 3 Proposals: session ID, business-card auth, customer auth

From: Mike Meyer <mwm@contessa.phone.net>
Date: Tue, 18 Jul 95 09:51:30 PST
Message-Id: <19950718.7A73668.90C4@contessa.phone.net>
To: www-talk@w3.org
> >******* II. The business-card authentication scheme
> >
> >I propose a new http authentication scheme; let's call it
> >"business-card". Its purpose is to facilitate access control policies
> >similar to "I'll show you my information if you'll leave your business
> >card in the bowl."

This does nothing to insure that the information is correct. However,
it's a nice idea, and beats the alternative of a "registration" page
that people can put the same lies on.

> What about the millions of installed browsers which don't have the business
> card authentication scheme built in?  Some browsers [Enhanced Mosaic plug]
> might have plug-in security modules, but they're the exception.

Presumably, such a scheme would have use an extension header, ala the
Digest authentication method. Presumably, it would look like:

	Extension: Security/Card

Servers that have plug-in and chainable modules [aws plug] could then
either use the Security/Card method if the extension line was in the
headers, or hand back the "registration" page if there was no
extension line.

	<mike
Received on Tuesday, 18 July 1995 12:58:15 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 27 October 2010 18:14:17 GMT