- From: Josh Howlett <Josh.Howlett@ja.net>
- Date: Tue, 16 Jul 2013 10:04:40 +0000
- To: Nico Williams <nico@cryptonector.com>, Yoav Nir <ynir@checkpoint.com>
- CC: M Stefan <mstefanro@gmail.com>, "<ietf-http-wg@w3.org>" <ietf-http-wg@w3.org>

> That leaves only the application layer as the best suited for
> authentication of identities (and/or resolution to attributes) that
> the service needs for authorization (or even in the other direction).
> This, I know, is a bit of a controversial opinion. My proposal is
> here: http://tools.ietf.org/html/draft-williams-http-rest-auth-01
> (ah, I need to submit the WG version).

I agree with this analysis. No single mechanism will meet every need. It is more important that HTTP has the agility to allow different mechanisms on a per-application basis, while maintaining a consistent presentation to users and application developers (as Nico's proposal allows). Binding specific mechanisms to the protocol, as in HTTP/1.1, would be an error IMO.

Josh.

Janet(UK) is a trading name of Jisc Collections and Janet Limited, a not-for-profit company which is registered in England under No. 2881024 and whose Registered Office is at Lumen House, Library Avenue, Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238

Received on Tuesday, 16 July 2013 10:05:13 UTC