[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Issue 140 - DPWS - Clean up HTTP authentication
|
This issue is assigned the number 140. For further
discussions on this issue, please refer to this issue number or use this
thread. From: Dan Driscoll Document: DPWS DPWS takes an inconsistent stand on HTTP Basic Authentication.
R4069 requires support. R4069: CLIENTs and DEVICEs MUST support
HTTP Basic Authentication. But the HTTP authentication section (part of 7.1.10) is
written such that HTTP auth is only used if the device requires it. If HTTP
auth is an optional part of the security model (on top of TLS/SSL
authentication with x.509 certificates) the requirements around HTTP auth
should be cleaned up so its use is described, but is not mandatory in all
cases. We discussed the use of HTTP auth at the 2nd F2F
meeting. There was some discussion about scenarios where HTTP auth could
be useful—I would like to hear more about these scenarios. Proposed change: Relax HTTP authentication so it is
optional for clients and devices that only wish to use x.509 authentication. |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]