- From: Mary Ellen Zurko <zurko@opengroup.org>
- Date: Thu, 11 Dec 1997 13:41:29 GMT
- To: Eric_Houston/CAM/Lotus@lotus.com
- Cc: Jim Gettys <jg@pa.dec.com>, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, zurko@opengroup.org
> 1) When the content server redirects the request to the authentication > server, it encrypts the ACL for the protected resource. The authentication > server then validates the user against the (decrypted) ACL and returns the > first matching entry to be cached in the browser. When the browser is > queried for user credentials, the encrypted (authenticated) group > affiliations are returned to the content server. > Since there are no standardized ACLs, I don't think this can be addressed in the HTTP spec. Or did I miss the part where ACLs were added to HTTP? Mez
Received on Sunday, 14 December 1997 23:59:42 UTC