deBry security proposal

deBry security proposal

deBry security proposal

Robert Herriot robert.herriot at Eng.Sun.COM
Sat Nov 23 02:27:52 EST 1996


I would like to know if Authorization is typically included with an HTTP message or only
if a server requests it.  RFC 1945 is unclear on this point.


I ask this because I would like one form of security to be where the client (not the end-user)
automatically sends an attribute at the HTTP level with the user's name and ideally the 
domain name as well.


Such values could implement the attributes operation-user-name and operation-host-name.  This
mechanism would allow a lightweight security mechanism that would work in cooperative
environments where people don't want to deal with passwords but also don't want to
cancel other people's jobs accidentally.


I think that this is one case that Roger missed in his enumeration of possible security
mechanisms.


Bob Herriot



More information about the Ipp mailing list