- From: Eran Hammer-Lahav <eran@hueniverse.com>
- Date: Fri, 4 Dec 2009 11:24:48 -0700
- To: Thomas Maslen <Thomas.Maslen@quest.com>, Julian Reschke <julian.reschke@gmx.de>
- CC: "HTTP Working Group (ietf-http-wg@w3.org)" <ietf-http-wg@w3.org>
This is a useful resource: http://code.google.com/p/browsersec/wiki/Part3#HTTP_authentication EHL > -----Original Message----- > From: Eran Hammer-Lahav > Sent: Friday, December 04, 2009 9:22 AM > To: 'Thomas Maslen'; Julian Reschke > Cc: HTTP Working Group (ietf-http-wg@w3.org) > Subject: RE: Backwards definition of authentication header > > Is there a list somewhere of all existing HTTP auth schemes and their > specifications? > > EHL > > > -----Original Message----- > > From: Thomas Maslen [mailto:Thomas.Maslen@quest.com] > > Sent: Friday, December 04, 2009 9:04 AM > > To: Eran Hammer-Lahav; Julian Reschke > > Cc: HTTP Working Group (ietf-http-wg@w3.org) > > Subject: RE: Backwards definition of authentication header > > > > [...] > > >> Is there anything *except* for the broken ABNF with respect to > > >> Basic that makes you think the definition isn't binding? > > > > > > No. But since Basic is 50% of 2617, it is a pretty big exception... > > > :-) > > > > For what it's worth, the "Negotiate" and :"NTLM" auth schemes are like > > Basic inasmuch as they just have the scheme name followed by a Base64 > blob. > > > > (Perhaps schemes such as Digest that actually satisfy the ABNF are in > > the > > minority?)
Received on Friday, 4 December 2009 18:25:04 UTC