WWW-Authenticate proposal: timeout flag from Soni L. on 2021-04-29 (ietf-http-wg@w3.org from April to June 2021)

From: Soni L. <fakedme+http@gmail.com>
Date: Thu, 29 Apr 2021 17:24:54 -0300
To: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <11cedf9c-add4-d38c-8761-2ad4498caa47@gmail.com>

We'd like to be able to specify a timeout value for WWW-Authenticate, in
particular `timeout=0` so the HTTP authentication can be converted into
session cookies rather than sending the password in plaintext (sure, it
gets sent over TLS, but that doesn't matter) on every request. Would
anyone be interested in such proposal?

Received on Thursday, 29 April 2021 20:25:12 UTC