- From: James G Smith <JGSmith@tamu.edu>
- Date: Wed, 09 Aug 2000 16:47:09 -0500
- To: http-wg@cuckoo.hpl.hp.com
- Cc: JGSmith@tamu.edu
From the response, it would seem some form of third-party
authentication may be desired and useful, but no clear concensus
on how best to go about it. I don't have an answer to that, but
I have put my thoughts together in the form of a draft, which
should appear sometime as
draft-smith-http-third-party-authentication-00.txt
Until it is posted on the IETF site, it is available from my
own workstation at
http://hex.tamu.edu/drafts/draft-smith-http-third-party-authentication-00.txt
I already have a correction for it -- the expiration time should
be in GMT (section 2.2).
An issue that is not addressed is how to indicate that the client
should abandon the authentication process and discard the pending
request awaiting credentials. The authentication process MUST
indicate one and only one of success or abandonment. When in doubt,
the client may abandon the process? This could be the case if
the client becomes confused as to what is going on.
--
James Smith <JGSmith@TAMU.Edu>, 409-862-3725
Texas A&M CIS Operating Systems Group, Unix
Received on Wednesday, 9 August 2000 14:46:52 UTC