fre 2007-06-08 klockan 05:56 -0400 skrev Yves Lafon: > Many sites moved away from HTTP authentication, not so much because of the > technical aspects of basic or digest, but mostly because there was no good > UI in browser. Yes, as has been pointed out a number of times. > Of course browsers are not the only consumers of HTTP, far > from that, but when defining a new authentication scheme, having a way to > present it nicely in browsers would be part of the adoption path. I would say the two is two quite separate tasks, quite independent of each other. - The presentation problem is needed to get solved to get web site authors to accept HTTP authentication at all, or they will continue to insist on using forms based authentication using plain-text login +password just because the other alternatives doesn't "look right", not caring about security. - The scheme is needed to add wire security to the exchange. Digest does a reasonably good job in protecting the wire exchange, but not quite good enough and has a few other issues as well. > Henrik's timeline is describing the positive outcome of creating a new > HTTP auth scheme. Correct. Making changes in this area is a slow process, where the spec writing is only a small part, comparable to getting vendor support. The hard part is getting it generally accepted and deployed. Regards Henrik
Received on Saturday, 9 June 2007 00:49:29 UTC