On 2012-02-22 08:04, David Morris wrote:
On Tue, 21 Feb 2012, Michael Richardson wrote:
"Barry" == Barry Leiba<barryleiba(_at_)computer(_dot_)org> writes:
Barry> OAuth is an authorization framework, not an authentication
Barry> one. Please be careful to make the distinction.
Barry> What we're looking at here is the need for an HTTP
Barry> authentication system that (for example) doesn't send
Barry> reusable credentials, is less susceptible to spoofing
Barry> attacks, and so on.
and is implemented in HTTP, not in terms of HTML forms, yet has all the
flexibility of the HTML form method?
And includes the ability for the user to logoff / the server reset the
login?
Is that a protocol problem or a user agent problem?
-- > <http://lists.w3.org/Archives/Public/www-archive/2012Jan/0023.html>
Best regards, Julian
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf