SHEN and the other proposals that have come up recently are fine
and serve a good purpose. However, I think there is a need for some
minimal authorization, low-security mechanism for some applications.
While I'm sure the security purists will object to passwords and HTTP
objects sent in the clear, I think there are, in the near term, many
applications that require security only "as good as what they're using now"
(ie passwords and text sent in the clear). A good application of this
was demonstrated by Mr. Freeman-Benson's paper in Geneva.
Anyone here wish to comment on the appropriateness of such an implementation ?
I am thinking of simply implementing the "Authorization" field "user" scheme
as it is loosely proposed in the 11/93 HTTP spec and "implemented by AL Sep
1993".
Ari - if you're listening - any comments or words of wisdom on your
ACCESS_AUTH code ?
Mike
-----------------------------------------------
Michael A. Dolan - <mailto:miked@cerfnet.com>
TerraByte Technology (619) 445-9070, FAX -8864