RE: Proposal for new HTTP 1.1 authentication scheme

Two new refinements that I would like to make:

1) When the content server redirects the request to the authentication
server, it encrypts the ACL for the protected resource.  The authentication
server then validates the user against the (decrypted) ACL and returns the
first matching entry to be cached in the browser.  When the browser is
queried for user credentials, the encrypted (authenticated) group
affiliations are returned to the content server.

2) Could re-directed authentication be layered on top of the existing
schemes so that it could be used with basic, digest, and X.509?

BTW, all those emails have given new meaning to "digest authentication".
Right now I'm suffering from "authentication indigestion"!
-e ;-)

Received on Wednesday, 10 December 1997 09:23:19 UTC
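
The exchange described in refinement 1, sketched as an added example that is not part of the original message or the proposal itself. The shared AES-256-GCM key between the two servers, the JSON ACL layout, the token format and all function names are assumptions; user authentication is taken as already done, with `userGroups` standing for the authenticated user's groups.

```javascript
// Added illustration: key handling, ACL layout and token format are assumptions.
const { createCipheriv, createDecipheriv, randomBytes } = require('node:crypto');

// Assumption: content server and authentication server share one AES-256 key.
const sharedKey = randomBytes(32);

// AES-256-GCM provides encryption and authentication in one step.
function seal(obj) {
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', sharedKey, iv);
  const body = Buffer.concat([c.update(JSON.stringify(obj), 'utf8'), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]).toString('base64');
}

function open(token) {
  const raw = Buffer.from(token, 'base64');
  const d = createDecipheriv('aes-256-gcm', sharedKey, raw.subarray(0, 12));
  d.setAuthTag(raw.subarray(12, 28));
  // final() throws if the token was modified or sealed under another key.
  const body = Buffer.concat([d.update(raw.subarray(28)), d.final()]);
  return JSON.parse(body.toString('utf8'));
}

// Content server: the redirect carries the encrypted ACL for the resource.
function contentServerRedirect(resource, acl) {
  return seal({ resource, acl });
}

// Authentication server: decrypt the ACL and return the first entry that
// matches the user's groups, sealed so the browser can only cache it.
function authServerValidate(sealedAcl, userGroups) {
  const { resource, acl } = open(sealedAcl);
  const entry = acl.find((e) => userGroups.includes(e.group));
  return entry ? seal({ resource, entry }) : null; // null: no entry matches
}

// Content server: verify the credential the browser cached and sent back.
function contentServerCheck(resource, credential) {
  try {
    const claim = open(credential);
    // Require an entry, so a replayed sealed ACL is not accepted as a credential.
    return claim.resource === resource && claim.entry ? claim.entry : null;
  } catch {
    return null; // tampered or foreign token
  }
}
```

Binding the resource name into the sealed entry is what stops a credential cached for one resource from being presented for another.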