Re: Authentication over HTTP

From: Albert Lunde <atlunde@panix.com>
Date: Wed, 17 Jul 2013 06:04:51 -0500
Message-ID: <51E67A53.9020607@panix.com>
To: ietf-http-wg@w3.org

One area of previous work that may be relevant is Web-Single-Signon 
systems. These tend to rely on some unattractive mix of JavaScript, 
cookies, and other gimmicks to complete the authentication exchange, but 
they are representative of what people have tried to layer on top of 
HTTP/1.1 to replace Basic auth, and provide sessions of a sort.

Shibboleth and CAS are notable examples using SAML and Kerberos 
respectively.

It seems like there are use cases to delegate authentication to a 
trusted third-party and/or maintain sessions.

There may be some mechanisms that HTTP/2.0 could support to make this 
easier, but it's a different question than just the framework used by 
Basic and Digest auth.
Received on Wednesday, 17 July 2013 11:05:12 UTC