- From: Chris Patterson <chris@maxum.com>
- Date: Thu, 08 Apr 1999 16:22:57 -0500
- To: Dan Connolly <connolly@w3.org>
- CC: pics-interest@w3.org
> Chris Patterson wrote:
>> There is no reason some kind of authentication method to identify
>> "registered" users couldn't be used in the PICS HTTP request. It would
>> probably require some kind of public/private key system (Cookies? PGP? SSL?)
>> -- HTTP's "basic" authentication method wouldn't cut it. But whatever method
>> was agreed upon would need to be implemented in the PICS clients.
>
> Would digest authentication[1] cut it?
> i.e. do you really need public key stuff, or are you
> just trying to avoid passwords-in-the-clear?
>
> Hmm... your mention of SSL reminds me that confidentiality
> might be important...
Digest authentication seems like it would do the trick, if the PICS label
bureau used "single-use" nonce values to ensure that each and every hit (for
which a charge could be assessed) is properly authenticated. Right?
=====================================================
Chris Patterson chris@maxum.com
Maxum Development Corp. http://www.maxum.com
"Tao?" "Nah, I prefer to drip-dry."
=====================================================
Received on Thursday, 8 April 1999 17:21:22 UTC