Re: Issue 141: "should we have an auth scheme registry"

On 28.09.2010 18:00, Julian Reschke wrote:
> On 28.09.2010 17:37, Cyrus Daboo wrote:
>> ...
>>> SASL has a different registration requirements for single names and
>>> family of names; when you register a family of names you essentially
>>> delegate a part of the space of names to another spec -- do we really
>>> want that?
>> Take a look at
>> <> which
>> actually tried to define an HTTP auth registry. Whilst that has expired,
>> I think there still might be interest in pursuing it.
>> ...
> As far as I can tell, this didn't try to define a generic registry...
> Anyway: if there's a "family" of schemes, defined by the same
> specification, wouldn't it make more sense to have a single scheme name,
> and then dispatch depending on a scheme parameter instead?
> So instead of
> WWW-Authenticate: FOO-BAR realm="realm"
> one would use
> WWW-Authenticate: FOO realm="realm" type="BAR"
> ?
> This would simplify the registry dramatically.
 > ...


for now I have added minimal text establishing a registry; see 
<>; I'm sure 
that we will want to say more about the requirements.

I also added <> 
("consider adding an "intended usage" field to our IANA registries"); to 
me appears like an orthogonal issue, and it would apply to more than 
this registry.

I haven't added the separate spec registering Basic and Digest yet.

Best regards, Julian

Received on Thursday, 7 October 2010 15:24:05 UTC