Re: ticket based authentication

On Wed, Aug 02, 2000 at 09:34:07AM -0500, James G Smith wrote:
> I think I recall some mention that security related issues were 
> not being dealt with by this group, but then I saw the RFC for 
> Basic and Digest Access Authentication among this groups RFCs...
> 
> If this has been answered already, then a gentle reminder of 
> where I need to look will be sufficient :P
> 
> +---
> |
> | I would like to propose an extension to the HTTP standard to 
>   include yet another authentication scheme.  This would allow for 
>   clients to use a third-party URL (third party being not the 
>   client and not the site requiring authentication) to generate the 
>   authentication credentials.
[snip]

Isn't the algorithm=MD5-sess in Digest auth sufficient? The A1 is
basically your ticket. Or maybe I'm missing something.


  Cheers,

  Ronald

Received on Wednesday, 2 August 2000 08:52:21 UTC