[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Distinguishing Basic HTTP authentication mechanisms from form-auth
I have a colleague that's been working on the use of SAML with WebDAV, and one issue that's arising is the need to identify endpoints at an IdP that can support Basic authentication (or possibly other browser-aware approaches) from techniques like forms that an HTTP client isn't aware of. This isn't something that's easily captured by the existing context classes, since the authentication interaction is a finer-grained distinction on top of things like PasswordProtectedTransport. Has anybody had to deal with this before? It seemed to me the two likely options, other than a combinatorial explosion of context classes, would be using declaration references instead of classes, or actually exposing something about the technical details in a metadata extension in the SSO endpoint elements. The problem with declaration references is that they just don't scale all that well without coordination between systems. Classes work well globally mainly because OASIS defines the strings. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]