
Re: Protocol Authentication



On Mon, Mar 21, 2005 at 10:56:42AM -0500, Joe Gregorio wrote:

> > Here's my interpretation of 'support HTTP X Auth':
> >  
> >  "An Atom server which requires authentication for a particular request, and
> > which receives a request lacking authentication [1], shall respond with a
> > 403 and a WWW-Authenticate: challenge to the client.  Such a challenge MUST
> > include the HTTP X[2] Auth scheme.  Further, an Atom server which requires
> > authentication for a particular request, and which receives an otherwise
> > unauthenticated request containing a WWW-Authenticate: header providing HTTP
> > X Auth information, MUST use the provided HTTP X Auth information to attempt
> > to authenticate the requestor.  A server SHOULD ignore HTTP X Auth
> > information if, and only if, it has already authenticated a request using
> > some other mechanism."
> 
> I'm not even sure we should go that far in restricting things; doesn't
> the above wording rule out using TLS and IPSec, which I vaguely recall
> can both supply authentication?

It's not a question of whether they support authentication, but
whether they support challenge-based authentication. If they don't,
the above text will still work, as the HTTP Auth mechanism only comes
into play if the client doesn't authenticate over TLS (say) from the
beginning.

I think that TLS does non-challenge authentication, but I could be
wrong. No idea about IPSec.

James

-- 
/--------------------------------------------------------------------------\
  James Aylett                                                  xapian.org
  james@xxxxxxxxxxxx                               uncertaintydivision.org
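The challenge-based flow the thread is arguing about, as an added example that is not part of the original mail or of any Atom implementation: a server-side decision function that (a) ignores HTTP auth information when another mechanism such as a TLS client certificate has already identified the requester, (b) challenges with `WWW-Authenticate` when no credentials arrive, and (c) verifies credentials supplied in the standard `Authorization` request header; plus a client that answers the challenge. The scheme name `X-Atom`, the realm, the user store and the `transport_principal` parameter are constructed placeholders. The example responds with 401 to an unauthenticated request, which is the status HTTP clients act on for a `WWW-Authenticate` challenge (RFC 7235), rather than the 403 in the quoted draft wording.

```python
"""Challenge-based HTTP authentication flow, as sketched in the thread.

Added example (not code from the original mail): a minimal server-side
decision function plus a client that answers the challenge. The scheme
name "X-Atom", the realm and the credential store are constructed
placeholders standing in for the thread's "HTTP X Auth".
"""
import base64
import hmac

SCHEME = "X-Atom"        # stand-in for the thread's "HTTP X Auth" scheme (constructed)
REALM = "atom-example"   # constructed realm name

# Constructed credential store; a real server would look these up elsewhere.
_USERS = {"alice": "correct horse battery staple"}


def _challenge():
    """Response tuple that tells the client which scheme to use."""
    return 401, {"WWW-Authenticate": f'{SCHEME} realm="{REALM}"'}, None


def _verify_credentials(value):
    """Decode base64 'user:password' (Basic-style) and check it. Returns username or None."""
    try:
        raw = base64.b64decode(value, validate=True).decode("utf-8")
        user, _, password = raw.partition(":")
    except (ValueError, UnicodeDecodeError):
        return None
    expected = _USERS.get(user)
    if expected is None:
        # Compare against a dummy so unknown users cost the same as wrong passwords.
        hmac.compare_digest(password.encode(), b"x" * 32)
        return None
    return user if hmac.compare_digest(password.encode(), expected.encode()) else None


def handle_request(headers, transport_principal=None):
    """Server side of the rule quoted in the thread.

    headers: dict of request headers (case-insensitive lookup of 'Authorization').
    transport_principal: identity already established by another mechanism
        (e.g. a TLS client certificate, constructed here), or None.
    Returns (status, response_headers, principal).
    """
    # Already authenticated by another mechanism: ignore HTTP auth information.
    if transport_principal is not None:
        return 200, {}, transport_principal

    auth = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    if auth is None:
        # No credentials at all: issue the challenge.
        return _challenge()

    scheme, _, value = auth.partition(" ")
    if scheme != SCHEME:
        # Unknown scheme: re-challenge with the one we support.
        return _challenge()

    user = _verify_credentials(value.strip())
    if user is None:
        # Wrong credentials: challenge again so the client may retry.
        return _challenge()
    return 200, {}, user


def client_exchange(user, password, transport_principal=None):
    """Client side: send unauthenticated first, answer a challenge if one arrives.

    Returns the list of (status, principal) pairs observed, one per round trip.
    """
    trace = []
    status, resp_headers, principal = handle_request({}, transport_principal)
    trace.append((status, principal))
    challenge = resp_headers.get("WWW-Authenticate", "")
    if status == 401 and challenge.startswith(SCHEME + " "):
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        status, _, principal = handle_request(
            {"Authorization": f"{SCHEME} {token}"}, transport_principal)
        trace.append((status, principal))
    return trace


if __name__ == "__main__":
    print(client_exchange("alice", "correct horse battery staple"))
    print(client_exchange("alice", "wrong"))
    print(client_exchange("alice", "wrong", transport_principal="cn=alice (TLS)"))
```

The third call in the usage block is the TLS case James describes: the transport has already identified the requester, so the HTTP auth mechanism never comes into play and the (wrong) HTTP credentials are ignored.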