> > > Could one or both of you explain what it would be used for? > > It would help the rest of us support such a proposal. > > Just asserting it would be useful doesn't help us (as a working > > group) understand (or understand what problems it would present > > that have to be thought about). > > I'll list some off the top of my head: > > o one-time password/securID type authentication where a cookie is > issued and considered as valid credentials for a certain period of > time and then expired This is the exact application that we were considering here. As a firewall vendor, we have considered several methods for incorporating a stronger authentication method than the standard Unix password. If there was a proxy-cookie with parameters such as expiration time we could incorporate some of the one-time password schemes alot easier. -- Wyllys Ingersoll ANS Communications Reston VA > o other access control data, e.g. ACL's > o being able to track usage patterns without forcing user > authentication > > o being able to customize the view through the proxy > > o maintaining client state on proxy side that useful and necessary, > e.g. > > o to guarantee that a Java originated connection gets to the > same IP address as the Java applet was loaded from (to > avoid the DNS spoofing attack) > > o to guarantee the same proxy route to the origin server, to > avoid problems where sites would associate a client cookie > with the incoming IP address, and with multiple different > proxy routes end up in a situation where client's cookie is > considered invalid by the origin server because it came > through a different proxy route (different source IP > address) > > The two last subitems I don't mind if HTTP WG proposes some other > mechanism to deal with them; however, if we go with Proxy-cookies > (which I fully support), this would be a possible solution. > > Cheers, > -- > Ari Luotonen * * * Opinions my own, not Netscape's * * * > Netscape Communications Corp. ari@netscape.com > 501 East Middlefield Road http://home.netscape.com/people/ari/ > Mountain View, CA 94043, USA Netscape Proxy Server Development >Received on Friday, 14 February 1997 13:22:56 UTC
This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:43:01 UTC