- From: Alan Kent <ajk@mds.rmit.edu.au>
- Date: Wed, 17 Oct 2001 10:06:49 +1000
- To: WebDAV <w3c-dist-auth@w3.org>
Just thought I would add my 2 cents (oh, given Australian/US currency conversion that might only be 1 cent :-) and say that our product is unable to implement digest authentication for reasons similar to those put forward by others. Our product has to work in a range of different environments where there are existing authentication mechanisms out of our control. We cannot even guarantee that a user name and password will be available for authentication! (One site uses SSL certificates only). There is no way we can ask for plain text passwords. And there is usually no way we can access even an encrypted version of it because the supplied API does not permit it and its to hard for the customer to change their security infrastructure just for us. Bottom line is that I think that WebDAV does not need to specify a security scheme - it can just say to use normal HTTP security methods. It seems like an orthogonal issue to WebDAV to me. Alan
Received on Tuesday, 16 October 2001 20:07:22 UTC