xml-dev - Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation

Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation

[ Lists Home | Date Index | Thread Index ]

To: Alaric B Snell <alaric@alaric-snell.com>
Subject: Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
From: Rich Salz <rsalz@datapower.com>
Date: Thu, 08 Jan 2004 13:12:54 -0500
Cc: xml-dev@lists.xml.org
In-reply-to: <3FFD7817.509@alaric-snell.com>
References: <20040108000125.GI31886@mercury.ccil.org> <Pine.LNX.4.44L0.0401072052010.11874-100000@smtp.datapower.com> <20040108115451.GP31886@mercury.ccil.org> <3FFD4836.4000705@alaric-snell.com> <p06010202bc230c579249@[192.168.254.4]> <3FFD7817.509@alaric-snell.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4b) Gecko/20030507

Alaric B Snell wrote:
> I came across a page that reminded me of another downside to HTTP auth - 
> there's no way for the server to cancel the session if it believes the 
> session might be compromised

The HTTP RFC actually calls this out in the security considerations 
section.  RFC 2616, section 15.6.  The words there are not encouraging.
	/r$
-- 
Rich Salz, Chief Security Architect
DataPower Technology                           http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html

References:
- Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
  - From: John Cowan <cowan@mercury.ccil.org>
- Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
  - From: Rich Salz <rsalz@datapower.com>
- Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
  - From: John Cowan <cowan@mercury.ccil.org>
- Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
  - From: Alaric B Snell <alaric@alaric-snell.com>
- Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call forParticipation
  - From: Elliotte Rusty Harold <elharo@metalab.unc.edu>
- Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
  - From: Alaric B Snell <alaric@alaric-snell.com>

Prev by Date: Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
Next by Date: Re: [xml-dev] Why is xml:base a URI *reference*?
Previous by thread: Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
Next by thread: Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
Index(es):
- Date
- Thread