RE: Passwords and WebDAV

Accidentally caught by the spam filter.

- Jim
-----Original Message-----
From: Haider Sahir Al-Baghdadi [mailto:hs84@uruklink.net]
Sent: Monday, September 02, 2002 5:05 PM
To: w3c-dist-auth@w3.org
Subject: [Moderator Action] RE: Passwords and WebDAV


Hmm, well I can see how this is an important deployment issue. I think the
problem of notifying the user that their password has expired would be
easier than providing a password modification protocol.

It seems to be this problem isn't inherent to authoring -- regular Web
access could run into this problem as well.  For example, if my subscription
to an online magazine, or digital library runs out, I might want to receive
a message as well.  But, authoring certainly does bring in clients that do
not have HTML rendering capability.

I think the best way to address this would be for someone to volunteer to
write up an Internet Draft describing a new status code, and its meaning, to
cover the password expiration, and password refresh cases.  I think it
should scrupulously avoid functionality that would allow a user to reset
their password, unless it involved returning the URL of a Web page that
would allow the password to be reset.

But, this wouldn't affect existing WebDAV clients fast enough to affect your
current situation -- for that, one option is to use email as a notification
service, telling users their passwords have expired.

- Jim


> In my original message I said this may be out of the scope of
> WebDAV, but now I think it is critical to WebDAV. We a currently
> working on this issue with a large customer. With a normal HTTP
> client (one that renders html) it is possible to solve the
> expired password problem. However, with WebDAV clients there
> currently is no way to solve this problem. This is currently THE
> issue that is preventing the adoption of WebDAV for this
> customer. If we want to have people use the WebDAV protocol we
> have to be willing to solve problems like this one.