RE: ticket based authentication

David W. Morris (dwm@xpasc.com)
Wed, 2 Aug 2000 19:02:07 -0400 (EDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Dave Kristol: "[Fwd: Protocol Action: Use of HTTP State Management to BCP]"
Previous message: James G Smith: "Re: ticket based authentication"

While not commenting directly on the proposal, I would note in my
application deployment role ... firewall and application service provider
issues make the missing function Scott mentions an important capability.

Thanks,
  Dave Morris

On Wed, 2 Aug 2000, Scott Lawrence wrote:

> 
> > From: ronald@innovation.ch
> 
> > Isn't the algorithm=MD5-sess in Digest auth sufficient? The A1 is
> > basically your ticket. Or maybe I'm missing something.
> 
> No, Digest as currently defined allows the http server to consult a
> third party authentication server in order to obtain the secret (but
> does not specify how that should be done).  It does not, however, meet
> the need described here - that the http server be able to instruct the
> client to first obtain credentials through the third party server.

Next message: Dave Kristol: "[Fwd: Protocol Action: Use of HTTP State Management to BCP]"
Previous message: James G Smith: "Re: ticket based authentication"