- From: Alexey Melnikov <alexey.melnikov@isode.com>
- Date: Fri, 13 Jul 2012 19:41:32 +0100
- To: Nico Williams <nico@cryptonector.com>
- CC: HTTP Working Group <ietf-http-wg@w3.org>
On 10/07/2012 18:45, Nico Williams wrote: > On Tue, Jul 10, 2012 at 11:32 AM, Alexey Melnikov > <alexey.melnikov@isode.com> wrote: >> You REST-GSS approach has some benefits over currently existing web >> authentication, so I am looking forward to discussing with the WG whether >> this should be the basis for all future web authentication mechanisms. > Thanks. I may be biased but I tend to agree :) > > What benefits do you see? You use existing HTTP features, so hopefully that would be easier to implement than extensions to existing HTTP authentication framework. There is also a benefit for not reusing WWW-Authenticate/Authorisation headers for multileg authentication, because it is not entirely clear how existing clients would handle unrecognized authentication mechanisms. So not needing to deal with backward compatibility might be a plus.
Received on Friday, 13 July 2012 18:41:26 UTC