The choices for security are:
(1) http basic authentication
- not really secure, but probably viable within a trusted environment
where security is not an issue. Probably used only for identification,
possibly only for accounting purposes. Does not provide any
message protection.
(2) http digest access authentication
- not stong authentication, but viable within a trusted environment
where one wants a lightweight solution but does not want passwords
sent in the clear as in basic authentication. Would be used when
authorization to use resources is required. Does not provide any
message protection.
(3) SSL or TLS
- strong security when operating outside of a trusted environment. Does
require more infrastructure to support. Would be required when strong
authentication or message protection (privacy, integrity, non-repudiation)
is needed.
Given this set of choices, it seems that we only need something in the directory
that says this Printer requires some authentication to get to it (could be any
of
(1), (2), or (3). That is, if I want to use this Printer I must be prepared to
offer some
credentials.
A Printer that supports (1) or (2) simply uses the existing http
authentication mechanisms. A Printer which uses (3) would
advertise a URI that would indicate SSL or TLS was to be used in the http
session.
Roger K deBry
Senior Techncial Staff Member
Architecture and Technology
IBM Printing Systems
email: rdebry@us.ibm.com
phone: 1-303-924-4080