Our implementation of APP currently uses HTTP Basic authentication over an SSL connection. The spec calls for "HTTP Digest Authentication and/or CGI Authentication" and includes a comment "[rfc.comment.4: expand on HTTP basic and digest authentication, or refer.]"

With our implementation(s), we would like to be able to use as broad a spectrum of authentication mechanisms as possible -- without being limited to just one or two mechanisms. The choice should be up to the application.

So what's the story here? We obviously need to complete this section. I'm not a security expert and typically just end up sounding silly when I try to write up anything remotely related to security, so it would be great if someone could write up a pace that fills in the security section.

- James
