RE: Interop issue: how can clients force authentication?

>From: Clemm, Geoff [mailto:gclemm@Rational.Com]
>I believe the problem statement is:
>
>The problem: A client wants to check if the current user is
>authenticated to do an operation before it has that user provide the
>input for that operation, and before it performs expensive 
>computations to set up the input for that request.

With this as the problem statement, I believe that we need to look outside
of our own protocol here and take a look at one or more protocols that only
deal with the authentication and authorization of users and systems. Why
does WebDAV have to come up with the whole package themselves? If we look at
the SAML specifications for a moment, it provides the ability to request
from a server what a particular user is asking for and get back a complete
answer. Yes, it is another call but the user is guaranteed to have a
complete answer as to authentication and authorization across a large circle
of influence. By adopting SAML as the back-end mechanism we will also pick
up a true single sign-on capability for WebDAV, something we've talked about
and alluded to but have not considered it in the RFC.

			Comments, rocks, bottles, or stones?

				Kevin

____________________________________________ 
Kevin J. Dyer
Sr. Technologist, Product Management
kevin.dyer@matrixone.com

TEL:     978-322-2011
FAX:     978-322-2040
MOBILE:  978-549-0971

MatrixOne, Inc.
Two Executive Drive
Chelmsford, MA  01824  USA
www.matrixone.com

"Changing the way the world brings products to market" (tm)
____________________________________________

Received on Friday, 20 September 2002 11:31:53 UTC