- From: Scott Lawrence <lawrence@agranat.com>
- Date: Thu, 11 Dec 1997 09:24:05 -0500
- To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
>>>>> "EH" == Eric Houston:

EH> Two new refinements that I would like to make:

EH> 1) When the content server redirects the request to the authentication
EH> server, it encrypts the ACL for the protected resource. The authentication
EH> server then validates the user against the (decrypted) ACL

Whoa - this is authentication, not authorization. The purpose is to provide a trustable identity for the end user without exposing the means of doing so to the world, not to do access control.

Access control depends on authentication, but authentication does not include access control.

I believe that any discussion of ACLs is out of scope for this specification.

--
Scott Lawrence EmWeb Embedded Server <lawrence@agranat.com>
Agranat Systems, Inc. Engineering http://www.agranat.com/
Received on Thursday, 11 December 1997 06:26:02 UTC