Re: deBry security proposal

Robert Herriot (robert.herriot@Eng.Sun.COM)
Fri, 22 Nov 1996 23:27:52 -0800

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Robert Herriot: "Re: New Internet-Draft Request"
• Previous message: Robert Herriot: "Re: New Internet-Draft Request"

I would like to know if Authorization is typically included with an HTTP message or only
if a server requests it. RFC 1945 is unclear on this point.

I ask this because I would like one form of security to be where the client (not the end-user)
automatically sends an attribute at the HTTP level with the user's name and ideally the
domain name as well.

Such values could implement the attributes operation-user-name and operation-host-name. This
mechanism would allow a lightweight security mechanism that would work in cooperative
environments where people don't want to deal with passwords but also don't want to
cancel other people's jobs accidentally.

I think that this is one case that Roger missed in his enumeration of possible security
mechanisms.

Bob Herriot

• Next message: Robert Herriot: "Re: New Internet-Draft Request"
• Previous message: Robert Herriot: "Re: New Internet-Draft Request"

Comments are owned by the poster. All other material is Copyright © 2001-2024 The Printer Working Group. All rights reserved. IPP Everywhere, the IPP Everywhere logo, and the PWG logo are trademarks of the IEEE-ISTO.
About the PWG · Privacy Policy · PWG Webmaster