Thomas Broyer wrote:
HTTP/1.1 doesn't mandate support for any authentication scheme, so why would APP do? Nothing more should be said than "you, as a server implementor, might want to consider protecting your APP endpoints with whatever mechanism you choose –presumably using HTTP authentication, SAML, NTLM or something else– and clients implementors should be aware of that".
+1
(I personnaly haven't TLS at my shared hosting, so I'll use Basic first, and then move to Digest, HMACDigest or any better algorithm –and given that I'm progressing no faster than a snail, there might be some new ones since then :-p –)
That's basically my plan too. Regards James
