- From: Michael Wechner <michael.wechner@wyona.com>
- Date: Mon, 03 Jul 2006 15:51:10 +0200
- To: Manfred Baedke <manfred.baedke@greenbytes.de>
- CC: Julian Reschke <julian.reschke@gmx.de>, w3c-dist-auth@w3.org
Manfred Baedke wrote: > Hi Michael, > >> right, this might makes sense for formats. But I would argue with >> another usecase, namely Custom Authentication >> instead of HTTP authentication (BASIC or DIGEST). >> >> Let's assume a resource is protected and a server would like to offer >> custom authentication, e.g. it would send >> a HTML to a regular browser and some WebDAV specific XML to a WebDAV >> enabled client, whereas I haven't digged into >> WebDAV far enough how something like this could be handled by the >> WebDAV spec. > as Julian pointed out, this form of authentication is not covered by > any specification, I think that's what confused me resp. I wanted to mix stuff which I have to agree doesn't make sense. > so there is no reliable way for a generic client to handle it anyway well, if there would be a standard than I don't think this should be a problem. My suggestion would be that the client sends a WWW-Authenticate header of its supported authentication schemes to the server and the server then checks if one of the client's suggested authentication schemes is support by the server and is able to respond appropriately resp. responding with an exception in the sense, that none of the suggested authentication schemes is supported. It seems to me that "WWW-Authenticate" is similar to "Accept" and that the client should make this suggestion first and let the server react to it. WDYT? > (besides the fact that authentication has nothing to do with WebDAV). agreed. Thanks for clarifying Michi > > Regards, > Manfred > > -- Michael Wechner Wyona - Open Source Content Management - Apache Lenya http://www.wyona.com http://lenya.apache.org michael.wechner@wyona.com michi@apache.org +41 44 272 91 61
Received on Monday, 3 July 2006 13:51:20 UTC