
Re: Protocol Authentication (was Re: Collection convergence?)




Joe Gregorio wrote:


Now, mandating that a 'client' needs to be able to interact with a
server using Digest is something completely different. That *may* be
a way to increase interoperability. It seems that that is the tack
that WebDAV chose, unless I am reading the spec incorrectly:

You read that correctly, but the WebDAV folks consider it a mistake.


  "RFC2518 advocates Digest Authentication. There was some concern that
   although it doesn't transmit the password in the clear, the password
   or password equivalent still has to reside in a file on the server
   basically in the clear. They can't rely on that file being secure
   and felt that Basic Authentication over SSL or other transport level
   security was a better option."

-- http://www.webdav.org/wg/rfcdev/issues.htm

If they ever issue 2518bis, that part will have changed.

Robert Sayre