- From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Date: Fri, 13 Jul 2012 11:40:30 +0100
- To: Daniel Stenberg <daniel@haxx.se>
- CC: HTTP Working Group <ietf-http-wg@w3.org>, libcurl hacking <curl-library@cool.haxx.se>
Hi Daniel, On 07/12/2012 10:16 PM, Daniel Stenberg wrote: > > Similar to the HTTP protocol, we intend to support any widely adopted > authentication protocols. The HOBA, SCRAM and Mutual auth suggestions > all seem perfectly doable and fine in my perspective. Great. > However, if there's no proper logout mechanism provided for HTTP auth I > don't forsee any particular desire from browser vendor or web site > creators to use any of these just like they don't use the older ones > either to any significant extent. This may be my ignorance but what'd be a "proper logout mechanism"? Maybe someone's documented requirements or a wish-list somewhere? I put in a bit on this in the hoba draft, (but to be honest, without really understanding much about it:-), so I'd love to know a bit more about what's needed, e.g. how ought it affect cookies, TLS session resume, etc. etc. Ta, S.
Received on Friday, 13 July 2012 10:41:02 UTC