Closed
Description
Part3. HTTP authentication
[CURRENT]
Because of these limitations and the relative inflexibility of this scheme
to begin with, HTTP authentication has been almost completely extinct on
the Internet, and replaced with custom solutions built around HTTP cookies
(it is still sometimes used for intranet applications or for simple access
control for personal resources).
[END CURRENT]
[PROPOSAL]
A)New work on HTTP strong authentication mechanisms in form of DRAFT
http://tools.ietf.org/html/draft-hartman-webauth-phishing-09
http://www.ietf.org/internet-drafts/draft-ietf-httpbis-security-properties-02.txt
B)NTLM and basic auth it's still used too for proxy access and many web
APIs use this mechanism (Not widely used for interactive human usage)
C)Many sites moved away from HTTP authentication mostly because there
wasn't good UI in the browser (not because of technical aspects of digest
and basic)
D)There is a need for a robust framework where new schemes can be plugged
more easily and making the HTTP authentication more visually attractive
in the browser world
E)Some humour with HTTP authentication implementations
http://bitworking.org/news/Problems_with_HTTP_Authentication_Interop
Original issue reported on code.google.com by ecasb...@gmail.com
on 3 Jan 2009 at 12:56