Joe Gregorio wrote:
> -1 (See inline)
>
yep... this was the first of two alternatives I wanted to put on the
table. I personally prefer PaceFixSecurityConsiderations.
> You would be hard pressed to find a *single* web service today
> that supports both Basic and Digest at the same time. I know
> the spec says that it's possible, the reality is that it just isn't
> done.
>
To be absolutely honest, at the moment I can't recall a single service
that has used digest authentication successfully.
> Mandating any specific auth implementation doesn't add
> to interop and will only add to the burden of people trying
> to build 'conformant' implementations.
>
+1
- James
