- From: Brian Behlendorf <brian@wired.com>
- Date: Sun, 9 Apr 1995 21:29:22 -0800 (PST)
- To: Gavin Nicol <gtn@ebt.com>
- Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Two issues: 1) I've seen other situations where "double-authentication" for a given object could be desired - consider it analogous to having two dead-bolt locks on your front door. I'd support some way of doing this that can be applied for any new form of authentication we dream up (MD5 digesting, SHTTP, etc). 2) If root, directory1, and directory2 were all separate Realms with separate password files, then essentially you want all authentication info up front (if starting at directory 2 and working back) rather than only getting the pair at each level. I could see this as a security hole for the Basic scheme at least, given that people in one Realm shouldn't be given the authentication information that another Realm needs. Brian p.s. - in the future, name/password combos will be stored in encrypted form on your Digicash Smart Card which you always keep with you, so you may never need to type your password ever more than once. Wheee! On Mon, 10 Apr 1995, Gavin Nicol wrote: > Hi. One thing I've been thinking about recently is security. I would > like to be able to assign different passwords to different levels of > a heirarchy, and to have the clearances be cumultive: > > <root> Basic foo:bar > | > +----- <directory1> Basic grok:baz > | > +----- <directory2> Basic foo:pax > > where to get to directory2 via a URL you'd do something like: > > root/directory1/directory2 > > What I want is: > > 1) To get to directory2, you need all the name+password pairs > 2) That when you move back up, you don't need to reauthenticate > > This isn't directly related to HTTP, but is rather a server-side > issue. I was wondering is anyone has done this? > > > --=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-- brian@hotwired.com brian@hyperreal.com http://www.hotwired.com/Staff/brian/
Received on Sunday, 9 April 1995 22:34:58 UTC