- From: Carlos Iglesias <carlos.iglesias@fundacionctic.org>
- Date: Fri, 27 Oct 2006 11:59:30 +0200
- To: "Johannes Koch" <johannes.koch@fit.fraunhofer.de>, <public-wai-ert@w3.org>
Hi Johannes,

> Carlos Iglesias wrote:
> > However there is some information in the "HTTP Vocabulary
> > in RDF" that is clearly sensitive. My first thoughts are for
> > the "authorization" property which contains the userid and
> > password, especially in "Basic Authentication" that relies
> > just on a base64 encoded string.
>
> Because it is the same in the HTTP protocol itself, I don't
> see the need for additionally encrypting it for EARL.

The Basic authentication scheme is not a secure method, but sometimes you could use Basic Authentication because you rely on the physical network security (e.g. in a private intranet). If the physical network has gone (e.g. you share an EARL report outside the private network) the only security you get is the laughable base64.

I still think it's worth thinking about it and, at least, explain the issue in informative text.

Regards,
CI.

--------------------------------------
Carlos Iglesias
CTIC Foundation
Science and Technology Park of Gijón
33203 - Gijón, Asturias, Spain
phone: +34 984291212
fax: +34 984390612
email: carlos.iglesias@fundacionctic.org
URL: http://www.fundacionctic.org
Received on Friday, 27 October 2006 09:59:54 UTC
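The concern raised in this message, as an added example that is not part of the original thread or of any EARL or HTTP-in-RDF tooling: a pre-share check that finds credential headers in a recorded request and replaces their values before a report leaves the private network. The list-of-pairs representation of the recorded headers, the function names and the sample request are assumptions constructed for illustration.

```python
import base64
import binascii

# Request headers that carry credentials (names compare case-insensitively).
SENSITIVE = {"authorization", "proxy-authorization"}


def describe_credentials(value):
    """Say what a credential header value exposes, without returning the password."""
    scheme, _, param = value.strip().partition(" ")
    if scheme.lower() != "basic":
        return f"{scheme} credentials"
    try:
        # Basic is only base64("userid:password"): an encoding, not encryption.
        decoded = base64.b64decode(param.strip(), validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return "Basic credentials (malformed)"
    userid, sep, _password = decoded.partition(":")
    if not sep:
        return "Basic credentials (malformed)"
    return f"Basic credentials for userid {userid!r}, password recoverable"


def redact_headers(headers):
    """Return (clean_headers, findings) for a list of (name, value) pairs."""
    clean, findings = [], []
    for name, value in headers:
        if name.strip().lower() in SENSITIVE:
            scheme = value.strip().partition(" ")[0]
            findings.append((name, describe_credentials(value)))
            # Keep the scheme so the report still shows that auth was used.
            clean.append((name, f"{scheme} [REDACTED]"))
        else:
            clean.append((name, value))
    return clean, findings


# Constructed sample: headers of a request as a test tool might record them.
RECORDED = [
    ("Host", "intranet.example"),
    ("authorization", "Basic " + base64.b64encode(b"alice:s3cret").decode("ascii")),
    ("Accept", "text/html"),
]

if __name__ == "__main__":
    clean, findings = redact_headers(RECORDED)
    for name, note in findings:
        print(f"{name}: {note}")
    for name, value in clean:
        print(f"{name}: {value}")
```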