Authentication progress
Mark Taylor
m.b.taylor at bristol.ac.uk
Mon Jun 15 16:43:25 CEST 2020
On Fri, 12 Jun 2020, Mark Taylor wrote:
> Auth-scheme syntax
> ------------------
>
> We can't use SSO ivo-ids as the authentication scheme identifiers
> in the WWW-Authenticate header: RFC7235 says that the auth-scheme
> identifier has to be an RFC7230 token, which disallows the "/" and
> ":" characters. So challenges would have to look like e.g.
>
> WWW-Authenticate: vo-sso-cookie ...
>
> instead of
>
> WWW-Authenticate: ivo://ivoa.net/std/SSO#cookie ...
or maybe tidier:
WWW-Authenticate: vo-sso securitymethod="ivo://ivoa.net/std/SSO#cookie" ...
i.e. we define one authentication scheme with various different
sub-schemes identified by the value of a securitymethod parameter.
If we ever did want to register our authentication scheme(s) with
IANA (which I consider unlikely) this would mean only one registry
entry rather than several.
--
Mark Taylor Astronomical Programmer Physics, Bristol University, UK
m.b.taylor at bris.ac.uk +44-117-9288776 http://www.star.bris.ac.uk/~mbt/
More information about the dsp
mailing list