[Standards-JIG] JEP-0070 revision needed wrt WWW-Authenticate

Maciek Niedzielski machekku at uaznia.net
Fri May 5 14:56:46 UTC 2006


Hal Rottenberg wrote:
> I was talking with Machekku tonight about a possible implementation of
> JEP-0070 [1] for use with a web service he is working on.  Upon
> reading the JEP, I discovered a problem with the way it uses the Realm
> parameter to the Basic and Digest tokens in the WWW-Authenticate HTTP
> header.

Just one more reason to have a new authenticaion mechanism instead of 
doing "realm magic":

It's probably much easier to provide a plugin (both for client and 
server) adding support for new mechanism, rather then putting if realm 
== "xmpp" somehwere into existing code, in a place that may hard to 
modify (meaning: hard to get your code into official version), or even 
impossible to modify by 3rd party (in closed-source software).

This may really slow down deployment of new technology...

-- 
Maciek



More information about the Standards mailing list