- From: Yaron Goland <yarong@microsoft.com>
- Date: Sun, 28 Dec 1997 18:38:28 -0800
- To: "'Eric_Houston/CAM/Lotus@lotus.com'" <Eric_Houston/CAM/Lotus@lotus.com>, jg@pa.dec.com, zurko@opengroup.org
- Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
I can think of an enormous number of reasons why a useful ACL protocol couldn't be specified, but then I'm the one adding the adjective "useful." Anyway, the DAV group is now working on just such a standardization. There are two drafts out and a firestorm of discussion. Yaron > -----Original Message----- > From: Eric_Houston/CAM/Lotus@lotus.com > [SMTP:Eric_Houston/CAM/Lotus@lotus.com] > Sent: Monday, December 15, 1997 6:55 AM > To: jg@pa.dec.com; zurko@opengroup.org > Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com > Subject: Re: Proposal for new HTTP 1.1 authentication scheme > > I don't see why a standard ACL protocol cannot be specified, it would add > TREMENDOUS value. > -e > > ---------------------- Forwarded by Eric Houston/CAM/Lotus on 12/15/97 > 09:51 AM --------------------------- > > > Mary Ellen Zurko <zurko@opengroup.org> on 12/11/97 08:41:29 AM > > To: Eric Houston/CAM/Lotus > cc: jg@pa.dec.com (Jim Gettys) , > http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, zurko@opengroup.org > Subject: Re: Proposal for new HTTP 1.1 authentication scheme > > > > > > 1) When the content server redirects the request to the authentication > > server, it encrypts the ACL for the protected resource. The > authentication > > server then validates the user against the (decrypted) ACL and returns > the > > first matching entry to be cached in the browser. When the browser is > > queried for user credentials, the encrypted (authenticated) group > > affiliations are returned to the content server. > > > Since there are no standardized ACLs, I don't think this can be > addressed in the HTTP spec. Or did I miss the part where ACLs were > added to HTTP? > Mez > > >
Received on Monday, 5 January 1998 09:56:49 UTC