Re: draft-montenegro-httpbis-multilegged-auth-01

On 10/07/2012 18:45, Nico Williams wrote:
> On Tue, Jul 10, 2012 at 11:32 AM, Alexey Melnikov
> <alexey.melnikov@isode.com> wrote:
>> You REST-GSS approach has some benefits over currently existing web
>> authentication, so I am looking forward to discussing with the WG whether
>> this should be the basis for all future web authentication mechanisms.
> Thanks.  I may be biased but I tend to agree :)
>
> What benefits do you see?

You use existing HTTP features, so hopefully that would be easier to 
implement than extensions to existing HTTP authentication framework.

There is also a benefit for not reusing WWW-Authenticate/Authorisation 
headers for multileg authentication, because it is not entirely clear 
how existing clients would handle unrecognized authentication 
mechanisms. So not needing to deal with backward compatibility might be 
a plus.

Received on Friday, 13 July 2012 18:41:26 UTC