--- Tom wrote:
> At the IPP WG meeting, we agreed to resolution 2 for Issue 3.2. However,
> the IPP telecon today, Ira pointed out that HTTP security is
> connection-based, not transaction-based.
> There is a new experimental RFC
> 2660 for SHTTP (August 1999), which has transaction-based security, but
> don't want IPP to have to use that.
>> So resolution 2 won't work; the challenge has to be issued for the
> connection, not on an operation-by-operation basis. Therefore, each
> different security regime that a Printer supports MUST have a distinct
> What about authentication?
This seems overly general to me. By "HTTP security" are you refering to
Digest authentication, TLS, Kerberos, or what?
You seem to be implying that each operation requires a separate connection.
That is not the normal case for HTTP/1.1: all connections in HTTP/1.1 are
persistent by default. Also, Basic and Digest authentication can work over
non-persistent connections (they worked for HTTP/1.0, didn't they?).
AFAIK, a transaction is a series of operations that succeeds or fails as a
unit, with the properties of atomicity, consistency, isolation and
durability. Is this a new requirement for IPP?