> [mailto:[EMAIL PROTECTED] On Behalf 

> I agree that it is important and achievable to share 
> authentication against all of these protocols.
> 
> My proposal definitely works that way.  There are things you 
> need to do in the binding to http--and one of those is state 
> management.  However it is quite clear that anything that 
> will work with http negotiate authentication also works with 
> xmpp, smtp, ldap, imap, and friends.
> 
> In the specific case of Kerberos, we have a lot of running code.

Cookies should have been Kerberos tokens from the start. 

Whatever scheme we come up with is going to have two distinct phases.

1) In the authentication phase the user will on success receive some form of 
ticket.

2) In the ticket phase the ticket will be presented for multiple transactions 
until it expires.

We have to have a balance here between simplicity and generality. We do need to 
support multiple application protocols. We do not need to support multiple 
authentication protocols for the same authentication mechanism.

We must not redo ISAKMP.

_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
