>>>>> "Eliot" == Eliot Lear <[EMAIL PROTECTED]> writes:
Eliot> Hi,
>> I doubt it will be possible to use exactly the same methods for HTTP,
>> XMPP, SMTP and IMAP. The latter three (XMPP, SMTP and IMAP) are
>> session based, and might require authentication/authorization only
>> once during a session. HTTP is stateless (at least in general), so
>> some thought needs to be given to extending the auth across multiple
>> requests.
Eliot> While I agree there may be some differences between application
Eliot> protocols, it is the primary authentication method that must be
shared.
Eliot> Consider the case where some sort of authentication subsystem sits
Eliot> outside each application. So long as the API for that can be shared,
Eliot> we're probably good. If HTTP requires a method to retain state
across
Eliot> connections that is HTTP's business. I would not link the two
together.
I agree that it is important and achievable to share authentication
against all of these protocols.
My proposal definitely works that wy. There are things you need to do
in the binding to http--and one of those is state management. However
it is quite clear that anything that will work with http negotiate
authentication also works with xmpp, smtp, ldap, imap, and friends.
In the specific case of Kerberos, we have a lot of running code.
_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
