On Thu, Feb 23, 2012 at 05:23:45PM -0800, Paul Hoffman wrote:
If only it were that simple. If the answer is "design an HTTP auth mechanism
that is better than Digest", then this is a tractable goal. If it is "get
IETF consensus on that auth mechanism", then it isn't. The latter has proven
to be impossible because people say (possibly rightly) that web developers
don't want auth mechanisms that use the browser chrome: they want auth in
HTML, and anything that relies on the browser chrome is insufficient.
Maybe but you still need HTTP-based auth for proxies anyway. Also, I
partially disagree with your point, seeing the number of applications
in enterprise which rely on the hated NTLM auth which is also HTTP-based ;
they're using it because it's transparent to the user, and enterprise
customers do ask for such transparent auth schemes.
There would also be much less need for cookies if auth was carried by the
browser, and this would let the user log off. So I think there's a need
for this.
Regards,
Willy
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf