Re: 3 Proposals: session ID, business-card auth, customer auth

Mike Meyer ([email protected])
Tue, 18 Jul 95 09:51:30 PST


> >******* II. The business-card authentication scheme
> >
> >I propose a new http authentication scheme; let's call it
> >"business-card". Its purpose is to facilitate access control policies
> >similar to "I'll show you my information if you'll leave your business
> >card in the bowl."

This does nothing to insure that the information is correct. However,
it's a nice idea, and beats the alternative of a "registration" page
that people can put the same lies on.

> What about the millions of installed browsers which don't have the business
> card authentication scheme built in? Some browsers [Enhanced Mosaic plug]
> might have plug-in security modules, but they're the exception.

Presumably, such a scheme would have use an extension header, ala the
Digest authentication method. Presumably, it would look like:

Extension: Security/Card

Servers that have plug-in and chainable modules [aws plug] could then
either use the Security/Card method if the extension line was in the
headers, or hand back the "registration" page if there was no
extension line.

<mike