Re: [squid-users] http and sasl

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 15 Oct 2004 09:31:45 +0200 (CEST)

On Thu, 14 Oct 2004, Diego Woitasen wrote:

> somebody knows about any standard or implementation of SASL and HTTP?

None that I know of. Only Basic and Digest authentication have been
standardised, and Microsoft have published a draft on how their Negotiate
(and NTLM) authentication protocol leeches on top of HTTP masquerading
themselves looking almost like HTTP authentication mechanisms.

SASL fits rather badly with HTTP as SASL is quite session oriented with a
relatively heavy session setup negotiation while HTTP is sessionless (much
of the same problems as seen by Microsoft Negotiate & NTLM). But I suppose
it might be possible to design a session aware authentication model like
the one used by Digest to support SASL in a sane manner. But without
support from the browser vendors it is somewhat pointless.

Regards
Henrik
Received on Fri Oct 15 2004 - 01:31:49 MDT
