[Ietf-http-auth] Why is caldav special?
shaver at mozilla.org
Fri Sep 30 04:04:11 PDT 2005
It's true that many (all? InfoCard, SXIP and Passel are all in the same boat too) of these systems presume that there's a human in front of a real web browser, but I think that an extension to http auth to permit "auth uplift" into these richer credential models has to take into account other modern uses of HTTP.
CalDAV (including the future plans for server-to-server), WebDAV-based filesystem mounts, and even RESTful web services are all going to need something better here. I'd be tempted to say that in-band SSL negotiation was a separate problem, but some crazy people are probably going to want to use client certs or even cleartext credentials in their auth model.
(I think that any such auth system which can't jam its credential protocol into redirects and cookies is going to face a very hard battle against the long tail of existing web applications and infrastructure, but that's another thread.)