[DAS2] authentication
Andrew Dalke
dalke at dalkescientific.com
Mon May 15 15:47:02 UTC 2006
> I looked at HTTP digest authentication
> http://www.ietf.org/rfc/rfc2617.txt
> http://en.wikipedia.org/wiki/Digest_access_authentication
Grr. I came across
http://bitworking.org/news/Problems_with_HTTP_Authentication_Interop
which is a parody of the Monty Python Cheeseshop sketch. The
summary is that digest has a lot of options, different servers
and client libraries do different things, so the de facto spec
is different than the written one.
Another solution is through cookies. That's useful for web
browsers because it supports logout, but for a specialized
client (like we have) it's less useful.
Grr.
Okay, looks like the solutions are:
1. pick a subset of HTTP Digest authentication
2. Basic auth over HTTPs
with 1. in the lead.
Andrew
dalke at dalkescientific.com
More information about the DAS2
mailing list