[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Auth]simple logon proposal feedback

From: R. Saravanan
Subject: [Auth]simple logon proposal feedback
Date: Fri, 27 Jul 2001 08:45:16 -0700 (PDT)

>>The advantage of using an URI scheme is that
>>do not need to define a new MIME type.

>I couldn't quite follow how this would work in
>Can you give an example of exactly what modification
>the web page designer has to make to an existing
>logon page, and spell out how the client software
>is going to be able to intercept that request in
>IE or Netscape?

Let us say the web site redirects the client software
to the following URL:
the browser will invoke the installed x-dotgnu
protocol handler to handle the URL and will display
any content output by the protocol handler. The
protocol handler can then output a GET redirection
back to the website to authenticate the user. Protocol
handlers are fairly easy to implement for IE and
Mozilla. The only sticking point is that there is no
easy way to find out whether the client software
actually has the x-dotgnu protocol installed. Browsers
do not advertise the presence of additional installed
software, which is perhaps necessary for privacy
reasons.I can't think of any way of doing that without
using SCRIPT. The EMBED approach will not work with
protocol handlers. So defining a new MIME type is
perhaps the way to go, despite the inconvenience of
having to reconfigure web servers to handle the new
MIME type.

>>3. In addition to supporting plain text password
>>authentication (similar to the HTTP Basic
>>Authentication) the logon scheme should also support
>>the newer Digest-MD5 authentication, which uses a
>>challenge-response protocol without having to
>>transmit the plaintext password.

>Do Netscape and IE provide an defined mechanism for
>plugin software to intercept and respond to HTTP
>authentication challenges? This is a mechanism that,
>in practice, would require implicitly accessing the
>user's password for many pages at a given web
>site rather than just at a single logon page, right?

I'm not sure whether IE/Mozilla support digest
authentication yet. I suspect most web sites don't
support it at the current time either. You can check
out the RFC
It is certainly something that should be supported in
new software (or protocols) in the interests of better


Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger

reply via email to

[Prev in Thread] Current Thread [Next in Thread]