xml-dev - Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation

Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation

[ Lists Home | Date Index | Thread Index ]

To: Joshua Allen <joshuaa@microsoft.com>
Subject: Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
From: Rich Salz <rsalz@datapower.com>
Date: Mon, 05 Jan 2004 15:48:32 -0500
Cc: Elliotte Rusty Harold <elharo@metalab.unc.edu>, Edd Dumbill <edd@usefulinc.com>,David Kunkel <DKunkel@idealliance.org>, XML-DEV <xml-dev@lists.xml.org>
In-reply-to: <0E36FD96D96FCA4AA8E8F2D199320E529FBC22@RED-MSG-43.redmond.corp.microsoft.com>
References: <0E36FD96D96FCA4AA8E8F2D199320E529FBC22@RED-MSG-43.redmond.corp.microsoft.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4b) Gecko/20030507

> The login token stored in the cookie can always be embedded in the URL
> path, which is what ASP.NET does when you set the "cookieless auth"
> setting to true.  I've also done this in non-ASP systems

Yeah, I explicitly ignored that kind of thing since it seems it would be 
  an even greater violation of REST, and Elliotte "RESTy" Harold's :) 
initial point.

	/r$
-- 
Rich Salz, Chief Security Architect
DataPower Technology                           http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html

References:
- RE: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
  - From: "Joshua Allen" <joshuaa@microsoft.com>

Prev by Date: Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
Next by Date: RE: [xml-dev] Formalism and complexity
Previous by thread: RE: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
Next by thread: RE: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
Index(es):
- Date
- Thread