[DAS2] authentication
Ed Erwin
ed_erwin at affymetrix.com
Mon May 22 22:28:20 UTC 2006
I vote for basic auth with optional HTTPS. That seems easy to implement
and HTTPS can be added or not depending on how paranoid the particular
site is.
Just my few cents.
Andrew Dalke wrote:
>>I looked at HTTP digest authentication
>> http://www.ietf.org/rfc/rfc2617.txt
>> http://en.wikipedia.org/wiki/Digest_access_authentication
>
>
> Grr. I came across
> http://bitworking.org/news/Problems_with_HTTP_Authentication_Interop
> which is a parody of the Monty Python Cheeseshop sketch. The
> summary is that digest has a lot of options, different servers
> and client libraries do different things, so the de facto spec
> is different than the written one.
>
> Another solution is through cookies. That's useful for web
> browsers because it supports logout, but for a specialized
> client (like we have) it's less useful.
>
> Grr.
>
> Okay, looks like the solutions are:
> 1. pick a subset of HTTP Digest authentication
> 2. Basic auth over HTTPs
>
> with 1. in the lead.
>
> Andrew
> dalke at dalkescientific.com
>
> _______________________________________________
> DAS2 mailing list
> DAS2 at lists.open-bio.org
> http://lists.open-bio.org/mailman/listinfo/das2
More information about the DAS2
mailing list