RE: Reauthentication Requested Revisited

-> -----Original Message-----
-> From: Scott Lawrence [mailto:lawrence@agranat.com]
-> Sent: Monday, February 02, 1998 4:06 PM
-> To: Josh Cohen
-> Subject: Re: Reauthentication Requested Revisited
-> 
-> 
-> 
-> JC> This provides a general mechanism for a "retry request" 
-> from the server
-> JC> to the client along with a way to acknowledge receipt of 
-> the retry
-> JC> request.
-> 
->   Which may or may not be a good thing, but is, I think, 
-> orthogonal to
->   the question of invalidating cached user credentials.
-> 
Technically yes.  However to make the 'reauth request' actually
work and be useable, both are necessary from a system view.

1) the server needs a way to send a message to the client saying
  please revalidate your credentials with the user
2) the server needs a way to detect that the client has
   or is at least claiming to knowingly complete the task
   (revalidate the credentials)

So, I guess Im lumping two things together in a sense.  I see the
 second part as an infrastructure item needed by the first to make it
 useable.

(else how would you know if the client actually revalidated?)

-> Scott Lawrence           EmWeb Embedded Server       
-> <lawrence@agranat.com>
-> Agranat Systems, Inc.        Engineering            
-> http://www.agranat.com/
-> 

Received on Monday, 2 February 1998 17:07:29 UTC