RE: ticket based authentication

While not commenting directly on the proposal, I would note in my
application deployment role ... firewall and application service provider
issues make the missing function Scott mentions an important capability.

Thanks,
  Dave Morris

On Wed, 2 Aug 2000, Scott Lawrence wrote:

> 
> > From: ronald@innovation.ch
> 
> > Isn't the algorithm=MD5-sess in Digest auth sufficient? The A1 is
> > basically your ticket. Or maybe I'm missing something.
> 
> No, Digest as currently defined allows the http server to consult a
> third party authentication server in order to obtain the secret (but
> does not specify how that should be done).  It does not, however, meet
> the need described here - that the http server be able to instruct the
> client to first obtain credentials through the third party server.

Received on Wednesday, 2 August 2000 16:04:40 UTC