From: Manros, Carl-Uno B [mailto:cmanros at cp10.es.xerox.com]
Sent: Thursday, March 18, 1999 1:53 PM
To: Paul Moore; Josh Cohen
Subject: MOD - Proposed new functionality for clients to invoke HTTP
One of your "issue" comments in last week's bake-off was the suggestion to
introduce a new optional operation, which would help the client to
indirectly invoke the Basic or DAA security services of HTTP.
Here are few questions for you, which I would like to get clarified before
1) What was the user requirement that you saw which led up the proposal,
considering that the IPP client can already invoke SSL3 in IPP/1.0 and TLS
in IPP/1.1, and that HTTP security is limited to client authentication?
If a server supports anon and basic, even if I have a userid and password my
jobs get submitted as anonymous
2) Is it correct that you would like to see this an OPTIONAL extension, and
if so, is it suggested for both IPP/1.0 and IPP/1.1?
3) It seems to me that you are trying to add functionality to HTTP/1.1
rather than IPP. Wouldn't a better solution be to provide the added
functionality in HTTP instead, e.g. by using the HTTP Upgrade Header, which
we use for invoking TLS in IPP/1.1?
yes - but l ife it too short for that kind of thing!
Principal Engineer - Xerox Architecture Center - Xerox Corporation
701 S. Aviation Blvd., El Segundo, CA, M/S: ESAE-231
Phone +1-310-333 8273, Fax +1-310-333 5514
Email: manros at cp10.es.xerox.com