> From: Dick Hardt [mailto:[EMAIL PROTECTED]
> There was an IETF BOF on Beyond Basic Auth that I had hoped
> would develop some richer Auth mechanisms within HTTP that
> could work with DIX.

How about Digest? It is supported in practically every browser in use, it is secure against man in the middle attack, it is a standard and a MUST for HTTP/1.1.

It takes practically no work to federate Digest and there is prior art on federation in the original proposal. If you use the email address as the username, a common realm and SRV records as a discovery mechanism, you can implement an interoperable federated auth scheme from existing code in a few hours.

The scheme can be made even more compact and avoid leaking the URI being viewed by passing the HA2 value along with the federated auth request.

It's simple, secure and built on existing standards. When I discussed this with Dan Connolly he had been thinking on very similar lines.

_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
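The federated Digest flow sketched in the message above, worked through as an added example that is not part of the original post or of any DIX code: the client computes a standard RFC 2617 Digest response using its email address as the username and a shared realm; the relying party, which issued the nonce, forwards the response together with the HA2 hash instead of the request URI, so the home identity provider (found here by extracting the domain from the email address, standing in for the SRV lookup the message proposes, which is not performed) can verify the password without ever seeing which page was requested. The realm name, user table and credentials are constructed values; nonce replay tracking is left to the relying party, as a comment notes.

```python
import hashlib
import hmac


def _md5_hex(s: str) -> str:
    # RFC 2617 Digest uses MD5 over the colon-joined fields.
    return hashlib.md5(s.encode("utf-8")).hexdigest()


def ha1(username: str, realm: str, password: str) -> str:
    # HA1 = MD5(username:realm:password); this is what the home IdP stores.
    return _md5_hex(f"{username}:{realm}:{password}")


def ha2(method: str, uri: str) -> str:
    # HA2 = MD5(method:uri); passing only this value hides the URI from the IdP.
    return _md5_hex(f"{method}:{uri}")


def digest_response(ha1_value: str, nonce: str, nc: str, cnonce: str, qop: str, ha2_value: str) -> str:
    # response = MD5(HA1:nonce:nc:cnonce:qop:HA2) for qop="auth".
    return _md5_hex(f"{ha1_value}:{nonce}:{nc}:{cnonce}:{qop}:{ha2_value}")


def home_domain(username: str) -> str:
    # Federated discovery: the username is an email address and its domain
    # selects the home IdP. The message proposes an SRV lookup on this domain;
    # that DNS step is assumed and not performed here.
    local, _, domain = username.rpartition("@")
    if not local or not domain:
        raise ValueError("federated username must be an email address")
    return domain.lower()


# Constructed values for the example: the "common realm" all parties share,
# and the home IdP's credential store, which keeps HA1 rather than passwords.
FEDERATED_REALM = "dix-federation-example"
IDP_USERS = {
    "example.org": {
        "alice@example.org": ha1("alice@example.org", FEDERATED_REALM, "correct-horse"),
    },
}


def client_authorize(username, password, method, uri, nonce, cnonce, nc="00000001", qop="auth", realm=FEDERATED_REALM):
    # What the browser puts in the Authorization header (as a dict).
    h1 = ha1(username, realm, password)
    h2 = ha2(method, uri)
    return {
        "username": username, "realm": realm, "nonce": nonce, "uri": uri,
        "qop": qop, "nc": nc, "cnonce": cnonce,
        "response": digest_response(h1, nonce, nc, cnonce, qop, h2),
    }


def relying_party_forward(auth: dict, method: str) -> dict:
    # The relying party replaces the URI with HA2 before asking the home IdP
    # to check the response, so the IdP learns nothing about the page viewed.
    # The RP issued the nonce, so replay detection (nonce + nc) is its job.
    forwarded = {k: v for k, v in auth.items() if k != "uri"}
    forwarded["ha2"] = ha2(method, auth["uri"])
    return forwarded


def idp_verify(forwarded: dict) -> bool:
    # Home IdP: recompute the expected response from stored HA1 and the
    # forwarded fields; compare in constant time.
    domain = home_domain(forwarded["username"])
    stored_ha1 = IDP_USERS.get(domain, {}).get(forwarded["username"])
    if stored_ha1 is None or forwarded.get("realm") != FEDERATED_REALM:
        return False
    expected = digest_response(
        stored_ha1, forwarded["nonce"], forwarded["nc"],
        forwarded["cnonce"], forwarded["qop"], forwarded["ha2"],
    )
    return hmac.compare_digest(expected, forwarded["response"])


if __name__ == "__main__":
    auth = client_authorize("alice@example.org", "correct-horse", "GET", "/private/report.html",
                            nonce="rp-nonce-0001", cnonce="client-cnonce")
    fwd = relying_party_forward(auth, "GET")
    print("IdP sees URI:", "uri" in fwd)
    print("verified:", idp_verify(fwd))
```

The IdP receives the username, realm, nonce, nc, cnonce, qop, HA2 and response, which is all it needs to recompute and compare; the relying party still has to enforce nonce freshness and the nc counter itself, since the IdP has no way to know which nonces it handed out.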
