PaceBasicAuthentication


Abstract

Regarding Draft -08. See also PaceFixSecurityConsiderations

Support Basic Authentication.

Status

Proposed

Rationale

There is no justification for excluding Basic authentication.

Proposal

Change section 13 to:

   All instances of publishing Atom Format entries SHOULD be protected
   by authentication to prevent posting or editing by unknown sources.
   Atom Protocol servers and clients MUST support one of the following
   authentication mechanisms, and SHOULD support both.

   o  HTTP Basic Authentication [RFC2617]

   o  HTTP Digest Authentication [RFC2617]

   o  CGI Authentication

   Atom Protocol servers and clients using HTTP Basic Authentication SHOULD
   support encryption of the session using TLS (see [RFC2246]). Servers and
   clients using other authentication methods MAY support encryption of the
   session using TLS.

   There are cases where an authentication mechanism might not be
   required, such as a publicly editable Wiki, or when using POST to
   send comments to a site that does not require authentication from a
   commenter.

Impacts

Notes


CategoryProposals