There need not be an explosion of URL's. According to the latest HTTP
Authentication draft (the rfc2069 replacement, should have an RFC# any day),
the server can specify multiple authentication schemes. The client must
choose the strongest HTTP authentication scheme it understands and use that
one.
So it would really look like
URL1 none, none
URL2 HTTP, none
URL3 none, SSL3
URL4 HTTP, SSL3
...
Where HTTP can be Basic, Digest or whatever the client & server agree on.
/John
> -----Original Message-----
> From: Paul Moore [mailto:paulmo at microsoft.com]
> Sent: Monday, March 29, 1999 11:12 AM
> To: 'Herriot, Robert'; ipp at pwg.org> Subject: RE: IPP> MOD - Issue 2: How can client force authentication,
> i.e ., identified mode? Solution #2 preferred
>>> How does trhis work in combination with various secure
> transmission RLS
> (ssl3, TLS, etc).
>> What you would actually need would be a product of all the
> combinations of
> identification and auth/secure channel methods.
>> URL1 = none, none
> URL2 = basic, none
> URL3 = basic, TLS
> URL4 = basic, SSL3
> URL5 = digest, none
> ...
> URL9 = digest, SSL3
>> URL27 = foobar, XYZ
>>>