RE: Proposal for new HTTP 1.1 authentication scheme

I believe ACLs are being discussed by the WEBDAV group. In any event, 
I agree that a general purpose ACL mechanism for HTTP would be of 
great value.

Gregory Woodhouse gregory.woodhouse@med.va.gov
May the dromedary be with you.


----------
From:  Mary Ellen Zurko [SMTP:zurko@opengroup.org]
Sent:  Thursday, December 11, 1997 5:41 AM
To:  http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Cc:  jg@pa.dec.com; http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com; 
zurko@opengroup.org
Subject:  Re: Proposal for new HTTP 1.1 authentication scheme

>  1) When the content server redirects the request to the 
authentication
> server, it encrypts the ACL for the protected resource.  The 
authentication
> server then validates the user against the (decrypted) ACL and 
returns the
> first matching entry to be cached in the browser.  When the browser 
is
> queried for user credentials, the encrypted (authenticated) group
> affiliations are returned to the content server.
>

Since there are no standardized ACLs, I don't think this can be
addressed in the HTTP spec. Or did I miss the part where ACLs were
added to HTTP?
	Mez

Received on Wednesday, 17 December 1997 16:53:23 UTC