On 2/28/2006 7:50 PM, "Robert Yates" <[EMAIL PROTECTED]> wrote:
> Hallam-Baker, Phillip wrote:
>
>>> From: Dick Hardt [mailto:[EMAIL PROTECTED]
>>>
>>> There was an IETF BOF on Beyond Basic Auth that I had hoped
>>> would develop some richer Auth mechanisms within HTTP that
>>> could work with DIX.
>>
>> How about Digest, it is supported in practically every browser in use, it
>> is secure against man in the middle attack, it is a standard and a MUST
>> for HTTP/1.1
>>
> +1 I would be a strong proponent of having an interop story for DIX and
> Digest. Most feedreaders support Digest and RESTful webservices can use it.

From a protocol design standpoint, however, let's separate the 'act of authenticating' from the 'act of sharing a security token with a relying party': they are different. And in some cases, an RP to an assertion may require the homesite to use a certain authentication mechanism or else, don't bother. This is a design pattern in SAML, of course, but can be applied elsewhere.

What's federated is not the digest auth, but (some form of) a token indicating that digest auth occurred.

=peterd (http://xri.net/=peterd)

_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
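The separation described in the message above, sketched as an added example that is not part of the original thread or of any DIX draft: the homesite authenticates the user however it likes and issues a token stating which method it used, and the relying party checks the token's integrity and then applies its own policy on that method. The claim names, the method labels (`http-digest`, `http-basic`), the subject and the shared HMAC key are assumptions made for illustration; a real deployment would use an asymmetric signature.

```python
import base64
import hashlib
import hmac
import json

# Assumption: constructed demo key shared by homesite and RP.
HOMESITE_KEY = b"constructed-demo-key"


def issue_token(subject, authn_method, key=HOMESITE_KEY):
    """Homesite side: after authenticating the user, record *how* in a signed token."""
    claims = {"sub": subject, "authn_method": authn_method}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


def accept_token(token, required_methods, key=HOMESITE_KEY):
    """RP side: verify integrity first, then enforce the RP's authentication policy.

    Returns the claims dict on success, None on any failure.
    """
    try:
        body, tag = token.rsplit(b".", 1)
    except ValueError:
        return None  # no separator: malformed token
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        return None  # token was not issued by the homesite or was altered
    claims = json.loads(base64.urlsafe_b64decode(body))
    # The RP never sees the Digest exchange itself, only the statement that it occurred.
    if claims.get("authn_method") not in required_methods:
        return None  # homesite used a mechanism this RP does not accept
    return claims


if __name__ == "__main__":
    rp_policy = {"http-digest"}  # hypothetical label for "Digest auth occurred"
    print(accept_token(issue_token("=alice", "http-digest"), rp_policy))
    print(accept_token(issue_token("=alice", "http-basic"), rp_policy))
```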
