- From: Jim Whitehead <ejw@ics.uci.edu>
- Date: Thu, 1 Jun 2000 15:21:21 -0700
- To: Dan Burton <DPBURTON@novell.com>, WebDAV WG <w3c-dist-auth@w3.org>
Hmm, well I can see how this is an important deployment issue. I think the problem of notifying the user that their password has expired would be easier than providing a password modification protocol. It seems to be this problem isn't inherent to authoring -- regular Web access could run into this problem as well. For example, if my subscription to an online magazine, or digital library runs out, I might want to receive a message as well. But, authoring certainly does bring in clients that do not have HTML rendering capability. I think the best way to address this would be for someone to volunteer to write up an Internet Draft describing a new status code, and its meaning, to cover the password expiration, and password refresh cases. I think it should scrupulously avoid functionality that would allow a user to reset their password, unless it involved returning the URL of a Web page that would allow the password to be reset. But, this wouldn't affect existing WebDAV clients fast enough to affect your current situation -- for that, one option is to use email as a notification service, telling users their passwords have expired. - Jim > In my original message I said this may be out of the scope of > WebDAV, but now I think it is critical to WebDAV. We a currently > working on this issue with a large customer. With a normal HTTP > client (one that renders html) it is possible to solve the > expired password problem. However, with WebDAV clients there > currently is no way to solve this problem. This is currently THE > issue that is preventing the adoption of WebDAV for this > customer. If we want to have people use the WebDAV protocol we > have to be willing to solve problems like this one.
Received on Thursday, 1 June 2000 18:24:05 UTC