- From: David W. Morris <dwm@xpasc.com>
- Date: Wed, 2 Aug 2000 19:02:07 -0400 (EDT)
- To: Scott Lawrence <lawrence@agranat.com>
- cc: "Life is hard, and then you die" <ronald@innovation.ch>, James G Smith <JGSmith@tamu.edu>, http-wg@cuckoo.hpl.hp.com
While not commenting directly on the proposal, I would note in my application deployment role ... firewall and application service provider issues make the missing function Scott mentions an important capability. Thanks, Dave Morris On Wed, 2 Aug 2000, Scott Lawrence wrote: > > > From: ronald@innovation.ch > > > Isn't the algorithm=MD5-sess in Digest auth sufficient? The A1 is > > basically your ticket. Or maybe I'm missing something. > > No, Digest as currently defined allows the http server to consult a > third party authentication server in order to obtain the secret (but > does not specify how that should be done). It does not, however, meet > the need described here - that the http server be able to instruct the > client to first obtain credentials through the third party server.
Received on Wednesday, 2 August 2000 16:04:40 UTC