- From: <lists@ingostruck.de>
- Date: Fri, 8 Jun 2007 09:34:04 +0000
- To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
- Cc: Julian Reschke <julian.reschke@gmx.de>, Apps Discuss <discuss@apps.ietf.org>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
On Friday 08 June 2007 08:10, Stephane Bortzmeyer wrote: > On Thu, Jun 07, 2007 at 06:18:13PM +0200, > Julian Reschke <julian.reschke@gmx.de> wrote > > a message of 14 lines which said: > > In the wild, most authentication isn't using RFC2617 anyway. > > Any data here? IMHO, this assertion is not true, unless you limit to > big e-commerce Web sites. For instance, HTTP-based Web services use > 2617. Also, 2617 is typically the simplest way for a small and rapidly > setup Web site, even if it does not have the visibility of Amazon. Apart from that there is an applications where rfc2617 imho currently is the only widely usable auth scheme: restricted proxies. If you want to have a semi-public proxy that needs auth, anything else but using rfc2617 Proxy-Authentication is a pain. If you do not want plaintext credentials, rfc2617 digest currently remains the only working option (at least for me, but admittedly this doesn't say anything about "widespread-use"). Kind regards Ingo Struck
Received on Friday, 8 June 2007 08:23:16 UTC