W3C home > Mailing lists > Public > www-talk@w3.org > March to April 1999

RE: user credential passing standard

From: Nottingham, Mark (Australia) <mark_nottingham@exchange.au.ml.com>
Date: Wed, 14 Apr 1999 22:24:33 -0400 (EDT)
Message-ID: <D900F0C3D524D111971F00805F0D50E1022F4729@SV-MEEXCH-01.au.ml.com>
To: "'tvaughan@aventail.com'" <tvaughan@aventail.com>, www-talk@w3.org
I asked a similar question on HTTPwg a while back, and got a few interesting
responses. Check the mailing list.

Probably the best is from Jim Gettys:

>The revised digest authentication can be implemented to allow cross server 
>sharing of authentication information (without the danger of stealing 
>of one header allowing access to other servers), which should solve this 
>problem (without the kluding of using a proxy to do the translations).
>
>The back end servers can communicate among themselves the authentication
>information with whatever protocol is appropriate (e.g. Kerberos).
>
>This was one of the major flaws in RFC2069, and is being fixed in
>the revision.  Paul Leach had the idea that makes this feasible
>after 2069 was issued.
>
>Please look at a current draft of the revision to see the details.

Digest auth definately has this capability, and is (more) secure.
Unfortunately, there still aren't many browsers who support Digest (haven't
checked with the latest, but if any of your users use even moderately old
ones, you're out of luck).

Hope this helps,



> -----Original Message-----
> From: tvaughan@aventail.com [mailto:tvaughan@aventail.com]
> Sent: Thursday, April 15, 1999 4:23 AM
> To: www-talk@w3.org
> Subject: user credential passing standard
> 
> 
> Is there a standard way to pass user credentials from one web 
> server/proxy
> to another web server/proxy? Like encrypted cookies or something.
> 
> -Tom
> 
Received on Thursday, 15 April 1999 01:28:01 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 27 October 2010 18:14:24 GMT