tis 2012-02-21 klockan 19:50 +0100 skrev Julian Reschke: > Well, we have an existing authentication framework. It would be > interesting to find out what's missing from it. My take is better secure authentication schemes (not plaintext password based) which is cleanly specified to a level that implementations actually interop properly, and the ability for site owners (and proxies) to influence how the login process is presented to users in a safe manner that do not collide with preceived https security or makes a mess for matchine<->machine communication not involving humans. The existing HTTP auth framework works in general very well for machine<->machine. This said I have used HTTP Digest authentication quite successfully (but with a number of interop workarounds) with non-tech users using the default login box, only providing a good error response message seen if the user cacels of fails the login. Regards Henrik _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf