RE: Proposal for new HTTP 1.1 authentication scheme
Yaron Goland (yarong@microsoft.com)
Sun, 28 Dec 1997 18:38:28 -0800
I can think of an enormous number of reasons why a useful ACL protocol
couldn't be specified, but then I'm the one adding the adjective "useful."
Anyway, the DAV group is now working on just such a standardization. There
are two drafts out and a firestorm of discussion.
Yaron
> -----Original Message-----
> From: Eric_Houston/CAM/Lotus@lotus.com
> [SMTP:Eric_Houston/CAM/Lotus@lotus.com]
> Sent: Monday, December 15, 1997 6:55 AM
> To: jg@pa.dec.com; zurko@opengroup.org
> Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
> Subject: Re: Proposal for new HTTP 1.1 authentication scheme
>
> I don't see why a standard ACL protocol cannot be specified, it would add
> TREMENDOUS value.
> -e
>
> ---------------------- Forwarded by Eric Houston/CAM/Lotus on 12/15/97
> 09:51 AM ---------------------------
>
>
> Mary Ellen Zurko <zurko@opengroup.org> on 12/11/97 08:41:29 AM
>
> To: Eric Houston/CAM/Lotus
> cc: jg@pa.dec.com (Jim Gettys) ,
> http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, zurko@opengroup.org
> Subject: Re: Proposal for new HTTP 1.1 authentication scheme
>
>
>
>
> > 1) When the content server redirects the request to the authentication
> > server, it encrypts the ACL for the protected resource. The
> authentication
> > server then validates the user against the (decrypted) ACL and returns
> the
> > first matching entry to be cached in the browser. When the browser is
> > queried for user credentials, the encrypted (authenticated) group
> > affiliations are returned to the content server.
> >
> Since there are no standardized ACLs, I don't think this can be
> addressed in the HTTP spec. Or did I miss the part where ACLs were
> added to HTTP?
> Mez
>
>
>