W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > April to June 1997

RE: Access Control: What's On The Wire

From: Albert Lunde <albert-lunde@nwu.edu>
Date: Thu, 29 May 1997 9:52:29 CDT
Message-Id: <199705291452.KAA20195@www10.w3.org>
To: w3c-dist-auth@w3.org
> This might just be a more direct way of saying what you are saying.
> I think you will find that the only way to specify that credentials =
> should be sent without restricting the implementation to any particular =
> method (X.509, kerberos...) is to define a "credential cookie" which the =
> client sends to the server.
> Determining which form of credential to send (assuming the client has a =
> choice) would require the client and/or the server to send a list of the =
> supported credential "formats" in order of preference the one being used =
> being the highest commonly supported format (credential handshake).
> This implies that the minimum that this WG is going to have to do is
> 1)  Decide which schemes we regard as candidates for credentials
> 2)  Determine the extension to HTTP for the credential handshaking =
> explicitly naming the identified credential schemes and such that it can =
> be extended to support other schemes (similar to the MIME-type names)
> 3)  Determine the extension to HTTP for the credential cookie transfer

What's to stop using extension schemes under WWW-Authenticate
as credentials?
Received on Thursday, 29 May 1997 10:52:33 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 20:01:10 UTC