[Ietf-http-auth] Whay is caldav special?
RL 'Bob' Morgan
rlmorgan at washington.edu
Thu Sep 29 23:57:06 PDT 2005
On Fri, 30 Sep 2005, douglm at rpi.edu wrote:
> I don't understand why caldav is any different from any other http or
> http based system.
In a nutshell, web-based sign-on systems take advantage of browser
features, such as cookies, redirects, POSTs, and forms. Some or all of
those aren't available on HTTP user agents that aren't web browsers.
> Would it not be better to find those in calconnect who have some
> interest and knowledge in security and authentication and ask them to
> identify and present any special interests or problems the caldav group
> may have to those groups.
I'm the main one so far who has raised this issue. I suppose I qualify as
a security expert in this context. I am one of the principals in the
Shibboleth project, I have worked with Liberty, I contributed to the OASIS
SAML standard, and I'm pretty familiar with many of the other web signon
systems work. The problem is that they don't apply to webdav/caldav, as
currently specified, for the above reasons.
I'll forward the piece I wrote on this topic, previously sent to the
calconnect caldav TC.
- RL "Bob"
More information about the Ietf-http-auth