Re: [hybi] About authentication mechanism

Iñaki Baz Castillo <ibc@aliax.net> Wed, 29 June 2011 09:14 UTC

From: Iñaki Baz Castillo <ibc@aliax.net>
To: John Tamplin <jat@google.com>
Cc: hybi@ietf.org, Greg Wilkins <gregw@intalio.com>

2011/6/29 John Tamplin <jat@google.com>:
> I feel the same way, and this is my last response.

Mine also, I think this thread is long enough and opinions are already given.


> Some JS code is making a WS request.  It can use whatever mechanism it wants
> for obtaining the credentials from the user, and send them over the WS
> connection.

Which means authentication at pure JavaScript level. Dangerous IMHO.



> Feel free to suggest something that has broad consensus.  I haven't heard
> any such suggestion, nor have I heard anyone else beside you clamoring for
> it.

This is expected as, IMHO, most of this WG comes from the WWW world in
which no one authentication standard has succeeded (HTTP auth is ugly
indeed) so custom authentication mechanisms are mainly used.


-- 
Iñaki Baz Castillo
<ibc@aliax.net>