- From: Henrik Nordström <henrik@henriknordstrom.net>
- Date: Wed, 29 Feb 2012 20:19:32 +0100
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, mnot@mnot.net, iesg@ietf.org, ietf-http-wg@w3.org, IETF-Discussion <ietf@ietf.org>

On Tue 2012-02-21 at 19:50 +0100, Julian Reschke wrote:

> Well, we have an existing authentication framework. It would be
> interesting to find out what's missing from it.

My take is better secure authentication schemes (not plaintext password based) which are cleanly specified to a level that implementations actually interop properly, and the ability for site owners (and proxies) to influence how the login process is presented to users in a safe manner that does not collide with perceived https security or make a mess for machine<->machine communication not involving humans.

The existing HTTP auth framework works in general very well for machine<->machine.

This said, I have used HTTP Digest authentication quite successfully (but with a number of interop workarounds) with non-tech users using the default login box, only providing a good error response message seen if the user cancels or fails the login.

Regards
Henrik

Received on Wednesday, 29 February 2012 19:20:10 UTC