Re: Publically available PICS Label Bureau for RDF migration testbed? from Dan Connolly on 1999-04-08 (pics-interest@w3.org from April 1999)

From: Dan Connolly <connolly@w3.org>
Date: Thu, 08 Apr 1999 14:50:41 -0500
To: Chris Patterson <chris@maxum.com>
CC: pics-interest@w3.org
Message-ID: <370D0891.99C4C549@w3.org>

Chris Patterson wrote:
> There is no reason some kind of authentication method to identify
> "registered" users couldn't be used in the PICS HTTP request. It would
> probably require some kind of public/private key system (Cookies? PGP? SSL?)
> -- HTTP's "basic" authentication method wouldn't cut it. But whatever method
> was agreed upon would need to be implemented in the PICS clients.

Would digest authentication[1] cut it?
i.e. do you really need public key stuff, or are you
just trying to avoid passwords-in-the-clear?

Hmm... your mention of SSL reminds me that confidentiality
might be important...

[1] "HTTP Authentication: Basic and Digest Access Authentication",
J. Franks, P. Hallam-Baker, J. Hostetler, P. Leach, A. Luotonen, E.
Sink, L. Stewart, S.
Lawrence, 11 Sep 1998. 
http://www.ics.uci.edu/pub/ietf/http/draft-ietf-http-authentication-03.txt

see also:

Dec 16, 1998: Jose Kahan announces client-side Digest Authentication
        implementation in libwww - try it out! 
	-- http://www.w3.org/Protocols/

-- 
Dan Connolly, W3C
http://www.w3.org/People/Connolly/
tel:+1-512-310-2971 (office, mobile)
mailto:connolly.pager@w3.org (put your tel# in the Subject:)

Received on Thursday, 8 April 1999 15:50:29 UTC