Re: [kitten] [saag] HTTP authentication: the next generation

On Dec 12, 2010, at 10:40 AM, Alexey Melnikov wrote:

> Yoav Nir wrote:
>> EAP has one advantage. It is easy to integrate with existing RADIUS/DIAMETER infrastructure.
> True.
> And SASL has an advantage that it is easier to integrate with LDAP infrastructure.
> I think this just demonstrates that before an HTTP authentication mechanism can be evaluated, people need to agree on a common evaluation criteria for HTTP authentication.

Define them all and let's have a bake-off.  It has been 16 years since
HTTP auth was taken out of our hands so that the security experts could
define something perfect.  Zero progress so far.  We should just define
everything and let the security experts do what they do best -- find the
holes and tell us what not to implement.


Received on Sunday, 12 December 2010 22:39:53 UTC