Re: Protocol Authentication
On Fri, 18 Mar 2005 14:07:29 -0800 (PST), John Panzer <"jpanzer"@aol.net> wrote:
> In this context, 'support' is a bad word (I knew this, and just listened to
> a talk by Karl Wiegers that highlighted this as a word to avoid in specs).
> Here's my interpretation of 'support HTTP X Auth':
>
> "An Atom server which requires authentication for a particular request, and
> which receives a request lacking authentication [1], shall respond with a
> 403 and a WWW-Authenticate: challenge to the client. Such a challenge MUST
> include the HTTP X[2] Auth scheme. Further, an Atom server which requires
> authentication for a particular request, and which receives an otherwise
> unauthenticated request containing a WWW-Authenticate: header providing HTTP
> X Auth information, MUST use the provided HTTP X Auth information to attempt
> to authenticate the requestor. A server SHOULD ignore HTTP X Auth
> information if, and only if, it has already authenticated a request using
> some other mechanism."

I'm not even sure we should go that far in restricting things. Doesn't
the above wording rule out using TLS and IPSec, which I vaguely recall
can both supply authentication?
-joe
--
Joe Gregorio http://bitworking.org