- From: Woodhouse, Gregory J. <gregory.woodhouse@med.va.gov>
- Date: Wed, 17 Dec 1997 18:55:36 -0600
- To: "'http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com'" <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>, 'Mary Ellen Zurko' <zurko@opengroup.org>
- Cc: "'jg@pa.dec.com'" <jg@pa.dec.com>
I believe ACLs are being discussed by the WEBDAV group. In any event, I agree that a general purpose ACL mechanism for HTTP would be of great value. Gregory Woodhouse gregory.woodhouse@med.va.gov May the dromedary be with you. ---------- From: Mary Ellen Zurko [SMTP:zurko@opengroup.org] Sent: Thursday, December 11, 1997 5:41 AM To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com Cc: jg@pa.dec.com; http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com; zurko@opengroup.org Subject: Re: Proposal for new HTTP 1.1 authentication scheme > 1) When the content server redirects the request to the authentication > server, it encrypts the ACL for the protected resource. The authentication > server then validates the user against the (decrypted) ACL and returns the > first matching entry to be cached in the browser. When the browser is > queried for user credentials, the encrypted (authenticated) group > affiliations are returned to the content server. > Since there are no standardized ACLs, I don't think this can be addressed in the HTTP spec. Or did I miss the part where ACLs were added to HTTP? Mez
Received on Wednesday, 17 December 1997 16:53:23 UTC