[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Auth]The simplest thing that can possibly work
From: |
Jeremy Petzold |
Subject: |
Re: [Auth]The simplest thing that can possibly work |
Date: |
15 Jul 2001 14:25:51 -0700 |
with such a system, we could use SHTTP to protect the information especialy if
we use XML-RPC since it relies on HTTP. would that be a good Idea or does it
limit us?
On Sun, 15 July 2001, Norbert Sendetzky wrote:
>
> On Sunday 15 July 2001 20:35, you wrote:
>
> Ron, you are damn right!
> We have to keep it small and simple, but what we must not do (never!) is to
> create a protocol that we have to break, if we want to extend it.
>
> On the implementation side I think we can do this (like you mentioned) with
> normal data tranfers and HTTP posts. But we must define a protocol how user
> data is requested because this doesn't exist until now. If websites require
> user name and password, they do it by displaying a form (somewhere in the
> html code) which is different on each site. You can not detect what
> information the form is awaiting. We definitly need something (a protocol)
> that let us know, what we have to do.
>
> I think about a few requirements to archive this simplicity:
> 1.) We can expect that a server-side language is available on the web server,
> because if not, they are not able to process the information today
> 2.) Our protocol should be in text format, because this is easy to parse
> 3.) Maybe we can use XML; parsers are available in most server-side languages
>
>
> A possible example:
>
> Request from a website:
> <dotgnu action="request" origin="www.dotgnu.org">
> <auth>
> <item>name</item>
> <item>password</item>
> </auth>
> </dotgnu>
>
> Reply from the client after the user has accepted the transmission (this time
> or in the past):
> <dotgnu action="reply">
> <auth>
> <name>me</name>
> <password>verysecret</password>
> </auth>
> </dotgnu>
>
>
> It is simple and could be easily extended, e.g. by CC information or a
> certificate or ...
>
> Other opinions?
>
>
> Norbert
> _______________________________________________
> Auth mailing list
> address@hidden
> http://dotgnu.org/mailman/listinfo/auth
Regards,
Jeremy
Find the best deals on the web at AltaVista Shopping!
http://www.shopping.altavista.com