Re: Access Authorization

Ari Luotonen (luotonen@ptsun00.cern.ch)
Fri, 17 Sep 93 09:56:11 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Marc VanHeyningen: "Re: Access Authorization"
Previous message: Ari Luotonen: "Re: A modest proposal for access authentication"
Maybe in reply to: Wayne Allen: "Access Authorization"

Larry Masinter:
> I pointed folks at the existing RFC 1416 for Telnet authorization
> negotiation. Why reinvent? Is RFC 1416 unworkable?

This RFC defines how to fit Kerberos and such authentication into
the telnet framework. This is unusable because telnet negotiation
is built on the fact that there is a session -- in HTTP we try to
avoid that. Besides, there is really very little anything new in my
proposal, most of it conforms with RFC1421, Privacy Enhanced Mail.
It is only dressed up in terms of HTTP. And because we can do it
without a session, then why fight agaist it so hard?

-- Ari --

Next message: Marc VanHeyningen: "Re: Access Authorization"
Previous message: Ari Luotonen: "Re: A modest proposal for access authentication"
Maybe in reply to: Wayne Allen: "Access Authorization"