+1. The example of Gdata only supporting their own, proprietary authentication mechanism is an equal demonstration. What Joe suggests is right on in that clients *will* face different authentication mechanisms, and the choice of mechanism will keep a key interop concern. Recommending (but not requiring) https+basic is at least one way of (partially) mitigating that concern.
- James John Panzer wrote: > > The example of Ecto only supporting WSSE (and apparently not supporting > any standard HTTP Auth scheme?) would seem to argue that there is a need > to be a little more specific... > > Joe Gregorio wrote: > >> After all the time we've spent going over this issue I don't >> see the need to say anything beyond 'servers should >> secure their endpoints' and 'clients should be aware that >> they will face different kinds of authentication schemes'. >> >> -joe >> >> On 6/6/06, John Panzer <[EMAIL PROTECTED]> wrote: >> >>> >>> Sorry about the late reply to this. There's one other major open issue >>> for the APP: There's still been no consensus on section 13, >>> authentication. >>> >> > >
