xml-dev - Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call forParticipation

Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call forParticipation

[ Lists Home | Date Index | Thread Index ]

To: Rich Salz <rsalz@datapower.com>
Subject: Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call forParticipation
From: Elliotte Rusty Harold <elharo@metalab.unc.edu>
Date: Thu, 8 Jan 2004 16:29:32 -0500
Cc: xml-dev@lists.xml.org
In-reply-to: <3FFD992C.1000801@datapower.com>
References: <20040108000125.GI31886@mercury.ccil.org><Pine.LNX.4.44L0.0401072052010.11874-100000@smtp.datapower.com><20040108115451.GP31886@mercury.ccil.org><3FFD4836.4000705@alaric-snell.com><p06010202bc230c579249@[192.168.254.4]> <3FFD7817.509@alaric-snell.com><p06010209bc233f0179a9@[192.168.254.4]> <3FFD992C.1000801@datapower.com>

At 12:53 PM -0500 1/8/04, Rich Salz wrote:

>Given the recent messages and links about digest, I think we have to 
>admit that it's a non-interoperable mechanism that's only slightly 
>better than basic-auth and it's client-side management facilities 
>and end-user knowledge is worse than cookies.

I certainly don't agree that client side management is worse than 
cookies. In the browser's I use the mechanisms for managing user 
names and passwords on the client side, while certainly not something 
I'd like my mother to rely on and in definite need of improvement, 
are clearly better than those for managing cookies.

I'm not sure what you mean by "end-user knowledge" in this context. 
If it's ease of use, then again I think the password storage 
mechanisms are better than the cookie mechanisms. But maybe you meant 
something else?

It may well be that digest authentication is uninteroperable on the 
web as it exists today. However, that hasn't been shown to be the 
case yet. The references I've seen so far are several years old. It's 
entirely possible the problems have been fixed by now, or can be 
fixed on the server side. Does anyone have current information about 
the state of digest authentication?

-- 

   Elliotte Rusty Harold
   elharo@metalab.unc.edu
   Effective XML (Addison-Wesley, 2003)
   http://www.cafeconleche.org/books/effectivexml
   http://www.amazon.com/exec/obidos/ISBN%3D0321150406/ref%3Dnosim/cafeaulaitA

Follow-Ups:
- Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
  - From: Rich Salz <rsalz@datapower.com>

References:
- Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
  - From: John Cowan <cowan@mercury.ccil.org>
- Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
  - From: Rich Salz <rsalz@datapower.com>
- Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
  - From: John Cowan <cowan@mercury.ccil.org>
- Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
  - From: Alaric B Snell <alaric@alaric-snell.com>
- Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call forParticipation
  - From: Elliotte Rusty Harold <elharo@metalab.unc.edu>
- Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
  - From: Alaric B Snell <alaric@alaric-snell.com>
- Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call forParticipation
  - From: Elliotte Rusty Harold <elharo@metalab.unc.edu>
- Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
  - From: Rich Salz <rsalz@datapower.com>

Prev by Date: Re: [xml-dev] Why is xml:base a URI *reference*?
Next by Date: Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call forParticipation
Previous by thread: Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
Next by thread: Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
Index(es):
- Date
- Thread