- From: Peter J Churchyard <pjc@trusted.com>
- Date: Wed, 24 Jan 1996 10:08:40 -0500 (EST)
- To: www-talk@w3.org

Hi,

I would like to propose that WWW-Authenticate and Proxy-Authenticate be replaced by a single general authenticate construct.

Both WWW and Proxy authenticate have implicitly defined authentication points: for WWW it is the origin server, and for Proxy it is the first proxy that the client sends the request through. As noted in Section 1.4, there will in general be multiple intermediaries.

General authenticate has the same syntax as WWW with the addition of an authentication point loc field. This would specify the origin server for WWW style auths etc.

The semantics are that general auth header lines are passed through except where the authentication point refers to this server/intermediary. Note there will be as many general auth headers as there are authentication points in a path.

WWW and Proxy auth are now just special cases of general auth and 1.1 servers should be able to handle them; general auth would be preferred.

Client Issues.

Clients are now required to present all general auth requests to the user.

Optimizations.

Where the auth protocol needs one-time challenge response behaviour, you may end up in a shuttle mode where the request is shuttled back and forward, slowly passing down to authentication points nearer and nearer the server. An optimization is to allow authentication points to piggyback general auth requests onto normal replies. So after the initial shuttling, subsequent requests just flow back and forth.

Pete.

--
The TIS Network Security Products Group has moved!
voice: 301-527-9500 x123 fax: 301-527-0482
2277 Research Boulevard, 5th Floor, Rockville, MD 20850

Received on Wednesday, 24 January 1996 10:09:02 UTC
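
The pass-through rule, the shuttle mode and the piggyback optimization described in the message above, modelled as an added example (not part of the original post, and not any HTTP specification's wire format). The class and function names, the loc values, the hash-based one-time response, and the rule that a point re-issues its challenge on a challenge reply passing back through it are all assumptions of this sketch.

```python
import hashlib, secrets

def respond(key, nonce):
    """Client's answer to a one-time challenge (constructed scheme for this sketch)."""
    return hashlib.sha256(f"{key}:{nonce}".encode()).hexdigest()

class AuthPoint:
    """One authentication point on the path, identified by its loc (hypothetical names)."""
    def __init__(self, loc, key, piggyback=False):
        self.loc, self.key, self.piggyback, self.nonce = loc, key, piggyback, None

    def handle(self, answers, rest):
        """Return (reached_origin, challenges), where challenges maps loc -> nonce."""
        # Only the answer addressed to this loc is examined; the others pass through.
        if self.nonce is None or answers.get(self.loc) != respond(self.key, self.nonce):
            self.nonce = secrets.token_hex(8)
            return False, {self.loc: self.nonce}
        self.nonce = None                      # a challenge is good for one request
        ok, challenges = rest[0].handle(answers, rest[1:]) if rest else (True, {})
        # Assumption: a point re-challenges on a challenge reply passing back through
        # it, and on a normal reply only when piggybacking is enabled.
        if not ok or self.piggyback:
            self.nonce = secrets.token_hex(8)
            challenges[self.loc] = self.nonce
        return ok, challenges

class Client:
    def __init__(self, keys):
        self.keys, self.pending = keys, {}     # pending: loc -> outstanding nonce

    def request(self, path):
        """Send one logical request; return how many round trips it took."""
        for trips in range(1, len(path) + 3):
            answers = {loc: respond(self.keys[loc], n) for loc, n in self.pending.items()}
            ok, self.pending = path[0].handle(answers, path[1:])
            if ok:
                return trips
        raise PermissionError("authentication did not converge")

def demo(piggyback):
    keys = {"proxy-a": "k1", "proxy-b": "k2", "origin": "k3"}   # constructed values
    path = [AuthPoint(loc, key, piggyback) for loc, key in keys.items()]
    client = Client(keys)
    return client.request(path), client.request(path)

if __name__ == "__main__":
    print("plain    :", demo(False))   # round trips for first and second request
    print("piggyback:", demo(True))
```

With three authentication points, every request in the plain mode repeats the full shuttle, while with piggybacking only the first request does.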