Re: [xml-dev] Expertise and Innovation - was Re: [xml-dev] Non-Borg servers can authenticate Borg clients (Was Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation)

["Simon St.Laurent" <simonstl@simonstl.com>]

rsalz@datapower.com (Rich Salz) writes:
>> It's tough when Elliotte's that completely right, but it happens
>> pretty regularly.  Usually when I'm on the other side, unfortunately.
>
>Hey, let's not get carried away.
>
>Just because digest-auth is more interoperable than we all expected,
>doesn't mean it's the right thing to do.  I still strongly stand by my
>arguments against it and in favor of those old-fogey security
mechanisms.

I don't expect the old-fogey security mechanisms to go away any more
than I expect to see SAML implemented in browsers.  

Elliotte does seem to have demonstrated very effectively, however, that
there are not only simpler workable approaches, but that the necessary
components are widely implemented.  They may not cover every case you
can come up with, but it seems to me that he's created a space in the
conversation where new - and easier, and cheaper - things can happen.

-- 
Simon St.Laurent
Ring around the content, a pocket full of brackets
Errors, errors, all fall down!
http://simonstl.com -- http://monasticxml.org