> [mailto:ietf-http-auth-bounces osafoundation.org] On Behalf
> I agree that it is important and achievable to share
> authentication against all of these protocols.
>
> My proposal definitely works that way. There are things you
> need to do in the binding to http--and one of those is state
> management. However it is quite clear that anything that
> will work with http negotiate authentication also works with
> xmpp, smtp, ldap, imap, and friends.
>
> In the specific case of Kerberos, we have a lot of running code.

Cookies should have been Kerberos tokens from the start.

Whatever scheme we come up with is going to have two distinct phases.

1) In the authentication phase the user will on success receive some form of ticket.

2) In the ticket phase the ticket will be presented for multiple transactions until it expires.

We have to have a balance here between simplicity and generality. We do need to support multiple application protocols. We do not need to support multiple authentication protocols for the same authentication mechanism.

We must not redo ISAKMP.

_______________________________________________
Ietf-http-auth mailing list
Ietf-http-auth osafoundation.org
http://lists.osafoundation.org/cgi-bin/mailman/listinfo/ietf-http-auth
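
The two-phase scheme described in the message above, as an added example that is not part of the original post: one authentication step issues an expiring ticket, and every application-protocol binding then runs the same ticket check. The HMAC-signed ticket format, the shared key, the credential store and all function names are assumptions for illustration; Kerberos tickets are structured differently.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values: a key shared by the authentication service and the
# application-protocol front ends, and a hypothetical credential store.
TICKET_KEY = b"demo-key-constructed-for-this-example"
USERS = {"alice": "correct horse"}

def _mac(body: bytes) -> bytes:
    return hmac.new(TICKET_KEY, body, hashlib.sha256).digest()

def authenticate(user, password, now=None, lifetime=300):
    """Phase 1: verify the credential once; on success return a ticket."""
    expected = USERS.get(user)
    if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
        return None
    now = time.time() if now is None else now
    body = json.dumps({"sub": user, "exp": now + lifetime}).encode()
    enc = base64.urlsafe_b64encode
    return enc(body).decode() + "." + enc(_mac(body)).decode()

def verify_ticket(ticket, now=None):
    """Phase 2: check integrity and expiry; return the principal or None."""
    try:
        b64_body, b64_tag = ticket.split(".")
        body = base64.urlsafe_b64decode(b64_body)
        tag = base64.urlsafe_b64decode(b64_tag)
    except (ValueError, AttributeError):
        return None  # malformed ticket
    if not hmac.compare_digest(tag, _mac(body)):
        return None  # forged or altered ticket
    claims = json.loads(body)  # parsed only after the MAC has been checked
    now = time.time() if now is None else now
    return claims["sub"] if now < claims["exp"] else None

def handle(protocol, ticket, now=None):
    """Any protocol binding (http, imap, smtp, ...) runs the same check."""
    user = verify_ticket(ticket, now)
    return f"{protocol}: ok for {user}" if user else f"{protocol}: rejected"
```
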