[Ietf-http-auth] Whay is caldav special?
slawrence at pingtel.com
Mon Nov 7 18:22:01 PST 2005
On Mon, 2005-11-07 at 15:44 -0800, RL 'Bob' Morgan wrote:
> On Fri, 30 Sep 2005, Jeffrey Altman wrote:
> > Then let's start a list of the reasons why sites use forms instead of
> > HTTP AUTH:
> > * Using forms places all of the control in the hands of the web site
> > designer. The choice of web server, its support for HTTP
> > authentication, and the APIs to access it can be abstracted out of
> > the equation.
> This is I think the really big one. Apps deployers like the web because
> web pages can be whatever they want to be. A institutional "weblogin"
> page can have links to helpdesk info, institutional branding, hooks to
> things like virus checkers, info about what SSO means, etc. Or, the login
> form can be just a part of an app site's main info-rich front page, as it
> is for most corporate sites these days.
> Now it's true that these pages could replace the username/password fields
> in these forms with a button that would invoke basic or digest, and still
> get the benefit of all the web page content. But I think sites would
> regard this as a step backwards in a couple of ways. One is that they
> regard the browser-popped-up username/password dialog as being an inferior
> (or at least less site-controlled) user experience (in fact I think a case
> could be made that most web site designers would prefer never to have
> browser-controlled UI in the user experience if possible ...). The other
> is that they strongly prefer cookies for authentication state maintenance
> rather than http-auth's replay methods, again because the web site has
> control over the cookies.
Tried to fix that one years ago...
Scott Lawrence tel:+1-781-938-5306;ext=162 or sip:slawrence at pingtel.com
Consulting Engineer - Pingtel Corp. http://www.pingtel.com/
sipXpbx project coordinator - SIPfoundry http://www.sipfoundry.org/sipX
More information about the Ietf-http-auth