Re: HTTP2 Expression of Interest: curl

Hi Daniel,

On 07/12/2012 10:16 PM, Daniel Stenberg wrote:
> Similar to the HTTP protocol, we intend to support any widely adopted
> authentication protocols. The HOBA, SCRAM and Mutual auth suggestions
> all seem perfectly doable and fine in my perspective.


> However, if there's no proper logout mechanism provided for HTTP auth I
> don't forsee any particular desire from browser vendor or web site
> creators to use any of these just like they don't use the older ones
> either to any significant extent. 

This may be my ignorance but what'd be a "proper logout mechanism"?
Maybe someone's documented requirements or a wish-list somewhere?

I put in a bit on this in the hoba draft, (but to be honest, without
really understanding much about it:-), so I'd love to know a bit more
about what's needed, e.g. how ought it affect cookies, TLS session
resume, etc. etc.


Received on Friday, 13 July 2012 10:41:02 UTC