IPP Mail Archive: Re: deBry security proposal

Re: deBry security proposal

Robert Herriot (robert.herriot@Eng.Sun.COM)
Fri, 22 Nov 1996 23:27:52 -0800

I would like to know if Authorization is typically included with an HTTP message or only
if a server requests it. RFC 1945 is unclear on this point.

I ask this because I would like one form of security to be where the client (not the end-user)
automatically sends an attribute at the HTTP level with the user's name and ideally the
domain name as well.

Such values could implement the attributes operation-user-name and operation-host-name. This
mechanism would allow a lightweight security mechanism that would work in cooperative
environments where people don't want to deal with passwords but also don't want to
cancel other people's jobs accidentally.

I think that this is one case that Roger missed in his enumeration of possible security
mechanisms.

Bob Herriot