
RE: Proposal for new HTTP 1.1 authentication scheme

From: <Eric_Houston/CAM/Lotus@lotus.com>
Date: Wed, 10 Dec 1997 12:34:42 -0500
To: Jim Gettys <jg@pa.dec.com>
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <85256569.005F69CC.00@mta2.lotus.com>
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/4886

Two new refinements that I would like to make:

 1) When the content server redirects the request to the authentication
server, it encrypts the ACL for the protected resource.  The authentication
server then validates the user against the (decrypted) ACL and returns the
first matching entry to be cached in the browser.  When the browser is
queried for user credentials, the encrypted (authenticated) group
affiliations are returned to the content server.

2) Could re-directed authentication be layered on top of the existing
schemes so that it could be used with basic, digest, and X.509?

BTW, all those emails have given new meaning to "digest authentication".
Right now I'm suffering from "authentication indigestion"!
-e ;-)
Received on Wednesday, 10 December 1997 09:23:19 UTC
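
The flow in refinement 1, as an added example that is not part of the original message or of any proposed specification: the content server seals the ACL, the authentication server returns the first matching entry as a sealed token, and the content server later accepts that token only for the same resource. Assumptions: both servers share `KEY` out of band, the user and group list are already authenticated, all function names are hypothetical, and an HMAC-SHA256 keystream with encrypt-then-MAC stands in for a real AEAD cipher so the sketch runs on the standard library alone.

```python
import hashlib, hmac, json, os

# Assumption: constructed demo key shared by content and authentication servers.
KEY = b"constructed-demo-key-not-for-real-use"

def _keys(key, label):
    # Per-label subkeys bind a token to one purpose and one resource.
    return tuple(hmac.new(key, p + label, hashlib.sha256).digest()
                 for p in (b"enc|", b"mac|"))

def _xor(enc_key, nonce, data):
    # HMAC-SHA256 in counter mode as a keystream (stand-in for a real AEAD).
    ks = b"".join(hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, label, obj):
    enc_key, mac_key = _keys(key, label)
    nonce = os.urandom(16)
    ct = _xor(enc_key, nonce, json.dumps(obj).encode())
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key, label, token):
    enc_key, mac_key = _keys(key, label)
    nonce, ct, tag = token[:16], token[16:-32], token[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("token rejected")  # verify before decrypting or parsing
    return json.loads(_xor(enc_key, nonce, ct))

def content_server_redirect(resource, acl):
    # Content server: encrypt the ACL that travels with the redirect.
    return seal(KEY, b"acl|" + resource.encode(), acl)

def auth_server_validate(resource, sealed_acl, user, groups):
    # Authentication server: decrypt the ACL, return the first matching entry.
    acl = unseal(KEY, b"acl|" + resource.encode(), sealed_acl)
    principals = {user, *groups}
    for entry in acl:
        if entry["principal"] in principals:
            return seal(KEY, b"grant|" + resource.encode(),
                        {"user": user, "entry": entry})
    return None  # no ACL entry matches: nothing for the browser to cache

def content_server_check(resource, cached_token):
    # Content server: accept only an untampered grant issued for this resource.
    try:
        return unseal(KEY, b"grant|" + resource.encode(), cached_token)
    except ValueError:
        return None
```

The browser only stores and replays the opaque token; a token altered in transit, replayed against another resource, or swapped for the sealed ACL itself fails the MAC check.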