[Ietf-http-auth] Re: Implementation likelihood?
Joe Gregorio
joe.gregorio at gmail.com
Thu Nov 17 18:27:49 PST 2005
On 11/17/05, Roy T. Fielding <fielding at gbiv.com> wrote:
> Digest should be replaced with a new algorithm that includes
> only qop=auth, client-generated nonces and a simple timestamp
> based on the last 401 response's Date field. Anything more than
> that is just as expensive for the server to implement as SSL/TLS.
+1. That's exactly what the Atom Publishing Protocol needs.
The use case from the Atom Publishing Protocol it would be
a single picture POST'd from a cellphone to a server
that implements the auth completely in a CGI script.
No sessions.
Simple and straight forward to implement.
Server-side is implementable in a CGI script.
-joe
--
Joe Gregorio http://bitworking.org
More information about the Ietf-http-auth
mailing list