[5158] in www-talk@info.cern.ch
Minimal Authorization
daemon@ATHENA.MIT.EDU (Michael A. Dolan)
Fri Aug 12 14:08:00 1994
Date: Fri, 12 Aug 1994 20:05:08 +0200
Errors-To: listmaster@www0.cern.ch
Errors-To: listmaster@www0.cern.ch
Reply-To: miked@CERF.NET
From: miked@CERF.NET (Michael A. Dolan)
To: Multiple recipients of list <www-talk@www0.cern.ch>
Has there been any recent discussion in regard to a minimal authorization
for HTTP ?
SHEN and the other proposals that have come up recently are fine
and serve a good purpose. However, I think there is a need for some
minimal authorization, low-security mechanism for some applications.
While I'm sure the security purists will object to passwords and HTTP
objects sent in the clear, I think there are, in the near term, many
applications that require security only "as good as what they're using now"
(ie passwords and text sent in the clear). A good application of this
was demonstrated by Mr. Freeman-Benson's paper in Geneva.
Anyone here wish to comment on the appropriateness of such an implementation ?
I am thinking of simply implementing the "Authorization" field "user" scheme
as it is loosely proposed in the 11/93 HTTP spec and "implemented by AL Sep
1993".
Ari - if you're listening - any comments or words of wisdom on your
ACCESS_AUTH code ?
Mike
-----------------------------------------------
Michael A. Dolan - <mailto:miked@cerfnet.com>
TerraByte Technology (619) 445-9070, FAX -8864
