- From: Nottingham, Mark (Australia) <mark_nottingham@exchange.au.ml.com>
- Date: Wed, 14 Apr 1999 22:24:33 -0400 (EDT)
- To: "'tvaughan@aventail.com'" <tvaughan@aventail.com>, www-talk@w3.org
I asked a similar question on HTTPwg a while back, and got a few interesting responses. Check the mailing list. Probably the best is from Jim Gettys: >The revised digest authentication can be implemented to allow cross server >sharing of authentication information (without the danger of stealing >of one header allowing access to other servers), which should solve this >problem (without the kluding of using a proxy to do the translations). > >The back end servers can communicate among themselves the authentication >information with whatever protocol is appropriate (e.g. Kerberos). > >This was one of the major flaws in RFC2069, and is being fixed in >the revision. Paul Leach had the idea that makes this feasible >after 2069 was issued. > >Please look at a current draft of the revision to see the details. Digest auth definately has this capability, and is (more) secure. Unfortunately, there still aren't many browsers who support Digest (haven't checked with the latest, but if any of your users use even moderately old ones, you're out of luck). Hope this helps, > -----Original Message----- > From: tvaughan@aventail.com [mailto:tvaughan@aventail.com] > Sent: Thursday, April 15, 1999 4:23 AM > To: www-talk@w3.org > Subject: user credential passing standard > > > Is there a standard way to pass user credentials from one web > server/proxy > to another web server/proxy? Like encrypted cookies or something. > > -Tom >
Received on Thursday, 15 April 1999 01:28:01 UTC