IPP> Re: deBry security proposal

IPP> Re: deBry security proposal

rdebry at us1.ibm.com rdebry at us1.ibm.com
Mon Nov 25 07:44:45 EST 1996


Classification:
Prologue:
Epilogue:


I read 1945 as authorization it NOT typically included, but sent only when
requested by the server. However, I agree that the specification leaves soem
room for interpretation.


---------------------- Forwarded by Roger K Debry/Boulder/IBM on 11/25/96 05:32
AM ---------------------------


        ipp-owner @ pwg.org
        11/23/96 12:31 AM




To: ipp @ pwg.org at internet
cc:
Subject: Re: deBry security proposal




I would like to know if Authorization is typically included with an HTTP message
or only if a server requests it.  RFC 1945 is unclear on this point.


I ask this because I would like one form of security to be where the client (not
the end-user) automatically sends an attribute at the HTTP level with the user's
name and ideally the domain name as well.


Such values could implement the attributes operation-user-name and
operation-host-name.  This mechanism would allow a lightweight security
mechanism that would work in cooperative environments where people don't want to
deal with passwords but also don't want to cancel other people's jobs
accidentally.


I think that this is one case that Roger missed in his enumeration of possible
security mechanisms.


Bob Herriot



More information about the Ipp mailing list