Re: Proposal for new HTTP 1.1 authentication scheme from Eric_Houston/CAM/Lotus@lotus.com on 1997-12-15 (ietf-http-wg@w3.org from October to December 1997)

From: <Eric_Houston/CAM/Lotus@lotus.com>
Date: Mon, 15 Dec 1997 09:55:15 -0500
To: Jim Gettys <jg@pa.dec.com>, zurko@opengroup.org
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <8525656E.00515BAC.00@mta2.lotus.com>

I don't see why a standard ACL protocol cannot be specified, it would add
TREMENDOUS value.
-e

---------------------- Forwarded by Eric Houston/CAM/Lotus on 12/15/97
09:51 AM ---------------------------


Mary Ellen Zurko <zurko@opengroup.org> on 12/11/97 08:41:29 AM

To:   Eric Houston/CAM/Lotus
cc:   jg@pa.dec.com (Jim Gettys) ,
      http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, zurko@opengroup.org
Subject:  Re: Proposal for new HTTP 1.1 authentication scheme




>  1) When the content server redirects the request to the authentication
> server, it encrypts the ACL for the protected resource.  The
authentication
> server then validates the user against the (decrypted) ACL and returns
the
> first matching entry to be cached in the browser.  When the browser is
> queried for user credentials, the encrypted (authenticated) group
> affiliations are returned to the content server.
>
Since there are no standardized ACLs, I don't think this can be
addressed in the HTTP spec. Or did I miss the part where ACLs were
added to HTTP?
     Mez

Received on Tuesday, 16 December 1997 15:06:31 UTC