On 3/23/2006 8:55 AM, "Lisa Dusseault" <[EMAIL PROTECTED]> wrote:
> > On Mar 22, 2006, at 9:28 PM, Peter Davis wrote: > >> On 3/22/2006 8:52 AM, "Robert Yates" <[EMAIL PROTECTED]> wrote: >>>> >>> Not so fast ;-) The SAML POST binding requires that the HTTP UA be a >>> browser or at the very least it MUST be capable of rendering HTML >>> forms >>> and then making posts of media type >>> `application/x-www-form-urlencoded'. >> >> Fair enough. (tho any self respecting webDav client should, which >> is what >> various blogging tools really are) > > I can't vouch for them being "self-respecting" but here are some > WebDAV clients that do not render HTML at all, so can't use HTML > forms to authenticate: I think this thread has (at least for me) is teasing out a new requirement . It underscores the need to ensure support for non-HTML aware HTTP clients. While many of the DAV clients Lisa enumerated use shared HTTP engines, they may not always avail themselves of shared HTML engines. As a result, perhaps a new requirement may look like: - the protocol shall support the transfer/transport of security tokens over HTTP, but does not require implementations to support the HTML form controls <form> and the associated encodings (eg: Calendar Clients, FS-browsers, etc...) Maybe that requirement (or a close cousin) is already there. I cannot seem to drudge up the present requirements thread... =peterd (http://xri.net/=peterd) _______________________________________________ dix mailing list [email protected] https://www1.ietf.org/mailman/listinfo/dix
