Digest might not be able to carry around the data -- Phillip can
answer that better than I can -- but using Digest would be so much an
improvement for non-browser HTTP client deployability, that it would
be worth it. There could be a well-known way to decompose the
identity to look up the identity information in a separate
transaction between servers.
Lisa
On Feb 28, 2006, at 8:21 PM, Dick Hardt wrote:
On 28-Feb-06, at 2:45 PM, Hallam-Baker, Phillip wrote:
From: Dick Hardt [mailto:[EMAIL PROTECTED]]
There was an IETF BOF on Beyond Basic Auth that I had hoped
would develop some richer Auth mechanisms within HTTP that
could work with DIX.
How about Digest? It is supported in practically every browser in use, it is secure against man-in-the-middle attack, it is a standard and a MUST for HTTP/1.1.
It takes practically no work to federate Digest and there is prior art on federation in the original proposal.
If you use the email address as the username, a common realm and SRV records as a discovery mechanism, you can implement an interoperable federated auth scheme from existing code in a few hours.
How would this move around other identity data? My interest in DIX
is to be able to move around all kinds of identity data. To me,
that means that the site needs to be able to say "here is what I
want", the user has an opportunity to select what to release, and
then it is sent to the site.
-- Dick
_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix