On 28-Feb-06, at 2:45 PM, Hallam-Baker, Phillip wrote:

> From: Dick Hardt [mailto:[EMAIL PROTECTED]
>
>> There was an IETF BOF on Beyond Basic Auth that I had hoped
>> would develop some richer Auth mechanisms within HTTP that
>> could work with DIX.
>
> How about Digest, it is supported in practically every browser in use, it
> is secure against man in the middle attack, it is a standard and a MUST
> for HTTP/1.1
>
> It takes practically no work to federate Digest and there is prior art
> on federation in the original proposal.
>
> If you use the email address as the username, a common realm and SRV
> records as a discovery mechanism you can implement an interoperable
> federated auth scheme from existing code in a few hours.

How would this move around other identity data? My interest in DIX is
to be able to move around all kinds of identity data. To me, that
means that the site needs to be able to say "here is what I want",
the user has an opportunity to select what to release, and then it is
sent to the site.
-- Dick
_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
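
A sketch of the scheme proposed in the quoted message (email address as username, one common realm, SRV lookup to find the home verifier), added here as an example and not code from the thread or from any DIX proposal. The realm string, the SRV label `_digest-auth._tcp`, the in-memory directory standing in for DNS, and the forwarding flow itself are assumptions; the response formula is the RFC 2617 form without `qop`.

```python
import hashlib
import hmac

REALM = "federated"                # assumption: the "common realm" every site sends
SRV_SERVICE = "_digest-auth._tcp"  # hypothetical SRV label, not named in the thread

def md5_hex(*parts):
    # RFC 2617 Digest joins fields with ':' and hashes with MD5
    return hashlib.md5(":".join(parts).encode()).hexdigest()

def ha1(email, password):
    # H(A1): what the home domain stores in place of the password
    return md5_hex(email, REALM, password)

def digest_response(ha1_hex, nonce, method, uri):
    # response = MD5(HA1 : nonce : MD5(method : uri)), the no-qop form
    return md5_hex(ha1_hex, nonce, md5_hex(method, uri))

def srv_name(email):
    # Discovery: the domain part of the username selects the home verifier
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("username must be an email address")
    return f"{SRV_SERVICE}.{domain.lower()}"

class HomeVerifier:
    """Home domain side: holds H(A1) values and checks forwarded responses."""
    def __init__(self, accounts):
        self.ha1_by_user = {u: ha1(u, p) for u, p in accounts.items()}

    def verify(self, email, nonce, method, uri, response):
        stored = self.ha1_by_user.get(email)
        if stored is None:
            return False
        expected = digest_response(stored, nonce, method, uri)
        return hmac.compare_digest(expected, response)

def relying_site_check(directory, email, nonce, method, uri, response):
    # The relying site never holds the password or H(A1); it forwards its own
    # nonce and the client's response to the verifier found via the SRV name.
    verifier = directory.get(srv_name(email))
    return bool(verifier) and verifier.verify(email, nonce, method, uri, response)

# Constructed sample data: a dict stands in for the DNS SRV lookup
DIRECTORY = {
    srv_name("alice@example.org"): HomeVerifier({"alice@example.org": "correct horse"}),
}
```

The relying site still has to issue fresh nonces and reject reused ones; that bookkeeping is left out of the sketch.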