W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 1998

RE: Reauthentication Requested Revisited

From: Josh Cohen <joshco@microsoft.com>
Date: Mon, 2 Feb 1998 17:01:08 -0800
Message-Id: <21FD6499922DD111A4F600805FCCD6F2013D09A9@red-86-msg.dns.microsoft.com>
To: "'http-wg@cuckoo.hpl.hp.com'" <http-wg@cuckoo.hpl.hp.com>
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/5333 


-> -----Original Message-----
-> From: Scott Lawrence [mailto:lawrence@agranat.com]
-> Sent: Monday, February 02, 1998 4:06 PM
-> To: Josh Cohen
-> Subject: Re: Reauthentication Requested Revisited
-> 
-> 
-> 
-> JC> This provides a general mechanism for a "retry request" 
-> from the server
-> JC> to the client along with a way to acknowledge receipt of 
-> the retry
-> JC> request.
-> 
->   Which may or may not be a good thing, but is, I think, 
-> orthogonal to
->   the question of invalidating cached user credentials.
-> 
Technically yes.  However to make the 'reauth request' actually
work and be useable, both are necessary from a system view.

1) the server needs a way to send a message to the client saying
  please revalidate your credentials with the user
2) the server needs a way to detect that the client has
   or is at least claiming to knowingly complete the task
   (revalidate the credentials)

So, I guess Im lumping two things together in a sense.  I see the
 second part as an infrastructure item needed by the first to make it
 useable.

(else how would you know if the client actually revalidated?)

-> Scott Lawrence           EmWeb Embedded Server       
-> <lawrence@agranat.com>
-> Agranat Systems, Inc.        Engineering            
-> http://www.agranat.com/
->
Received on Monday, 2 February 1998 17:07:29 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:43:04 UTC