RE: Interop issue: how can clients force authentication?

> With this as the problem statement, I believe that we need to look
outside of
> our own protocol here and take a look at one or more protocols that o=
nly
deal
> with the authentication and authorization of users and systems. Why d=
oes
WebDAV
> have to come up with the whole package themselves? If we look at the =
SAML

> specifications for a moment, it provides the ability to request from =
a
server
> what a particular user is asking for and get back a complete answer. =
Yes,
it is
> another call but the user is guaranteed to have a complete answer as =
to
> authentication and authorization across a large circle of influence. =
By
> adopting SAML as the back-end mechanism we will also pick up a true
single
> sign-on capability for WebDAV, something we've talked about and allud=
ed
to but
> have not considered it in the RFC.
>
> =A0=A0=A0=A0=A0=A0=A0 =A0=A0=A0=A0=A0=A0=A0 =A0=A0=A0=A0=A0=A0=A0 Com=
ments, rocks, bottles, or stones?

SAML is probably pretty good, but our needs appear to be minimal (or le=
ss)
and
as you can see from Geoff's posting, providing that capability in some =
form
would
probably be trivial. That doesn't mean that clients shouldn't/can't use=

SAML.  They
can if they want.  But it's not something that is generally required to=

achieve the
WebDAV functionality and interoperability, at least not for
this problem,  so it probably doesn't need to go in the base WebDAV spe=
c.
=

Received on Sunday, 22 September 2002 23:52:04 UTC