On 6/6/06, John Panzer <[EMAIL PROTECTED]> wrote:
Sorry about the late reply to this. There's one other major open issue
for the APP: There's still been no consensus on section 13,
authentication.
Apparently PaceAuthentication[1] has been shelved[2]. Didn't realize
that had happened. There is also PaceBasicAuthentication[3] which
addresses a subset of PaceAuthentication; I'm generally +1 on it but I
don't think it addresses the TODO item below.
More importantly, there's a big TODO item in the current draft APP spec[4]:
13.1 CGI Authentication
[[anchor27: note: this section is incomplete; cgi-authentication is
described but is unspecified.]] This authentication method is
included as part of the protocol to allow Atom Protocol servers and
clients that cannot use HTTP Digest Authentication but where the user
can both insert its own HTTP headers and create a CGI program to
authenticate entries to the server. This scenario is common in
environments where the user cannot control what services the server
employs, but the user can write their own HTTP services.
I think we need to complete this section or remove it before declaring
APP complete.
+1 to removing any mention of cgi-authentication.
-joe
--
Joe Gregorio http://bitworking.org
