IPP> Re: deBry security proposal

IPP> Re: deBry security proposal

IPP> Re: deBry security proposal

rdebry at us1.ibm.com rdebry at us1.ibm.com
Mon Nov 25 07:44:45 EST 1996


I read 1945 as authorization it NOT typically included, but sent only when
requested by the server. However, I agree that the specification leaves soem
room for interpretation.

---------------------- Forwarded by Roger K Debry/Boulder/IBM on 11/25/96 05:32
AM ---------------------------

        ipp-owner @ pwg.org
        11/23/96 12:31 AM

To: ipp @ pwg.org at internet
Subject: Re: deBry security proposal

I would like to know if Authorization is typically included with an HTTP message
or only if a server requests it.  RFC 1945 is unclear on this point.

I ask this because I would like one form of security to be where the client (not
the end-user) automatically sends an attribute at the HTTP level with the user's
name and ideally the domain name as well.

Such values could implement the attributes operation-user-name and
operation-host-name.  This mechanism would allow a lightweight security
mechanism that would work in cooperative environments where people don't want to
deal with passwords but also don't want to cancel other people's jobs

I think that this is one case that Roger missed in his enumeration of possible
security mechanisms.

Bob Herriot

More information about the Ipp mailing list