On Fri, 2006-05-19 at 11:48 +0100, Mike Taylor wrote:
> Rob's model:
> > Client sends x-username and x-password params
> > On fail:
> > Server responds with Diagnostic 3 (Authentication error)
> > On success:
> > Server responds with:
> > <extraResponseData>
> > <ext:authenticationToken xmlns:ext="info:srw/extension/2/auth-1.0">
> > abcd1234
> > </ext:authenticationToken>
> > </extraResponseData>
> > And thereafter, the client sends x-authenticationToken=abcd1234
>
> Looks good to me.
Others who have weighed in on the topic, is this the sort of thing you
would expect to:
a) be sufficient for your requirements, or projected requirements
b) be acceptable to you, and/or your partners
c) not confuse the matter (given that there /are/ other means of auth'n)
If there are no objections, I'll write up the changes to the extension
document.
Rob
--
Dr Robert Sanderson
Dept of Computer Science, University of Liverpool
Home: http://www.csc.liv.ac.uk/~azaroth/
Cheshire: http://www.cheshire3.org/
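
The exchange quoted above, seen from the client side, as an added example that is not part of the original message or of any SRU implementation. The response envelopes, the diagnostic URI form and the operation/version/query parameters are assumptions, and the sample responses are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

AUTH_NS = "info:srw/extension/2/auth-1.0"  # namespace given in the message
AUTH_ERROR = "3"                           # Diagnostic 3 (Authentication error)

# Constructed sample responses; envelope names and namespaces are assumptions.
SUCCESS = """<sru:searchRetrieveResponse xmlns:sru="http://www.loc.gov/zing/srw/">
  <sru:extraResponseData>
    <ext:authenticationToken xmlns:ext="info:srw/extension/2/auth-1.0">
      abcd1234
    </ext:authenticationToken>
  </sru:extraResponseData>
</sru:searchRetrieveResponse>"""

FAILURE = """<sru:searchRetrieveResponse xmlns:sru="http://www.loc.gov/zing/srw/">
  <sru:diagnostics>
    <diag:diagnostic xmlns:diag="http://www.loc.gov/zing/srw/diagnostic/">
      <diag:uri>info:srw/diagnostic/1/3</diag:uri>
    </diag:diagnostic>
  </sru:diagnostics>
</sru:searchRetrieveResponse>"""


class AuthenticationError(Exception):
    """Raised on Diagnostic 3 or when no usable token is returned."""


def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the "{namespace}" prefix


def extract_token(response_xml):
    # For servers you do not control, parse with a hardened XML parser instead.
    root = ET.fromstring(response_xml)
    for diag in (e for e in root.iter() if _local(e.tag) == "diagnostic"):
        for child in diag:
            if _local(child.tag) == "uri" and \
                    (child.text or "").strip().rsplit("/", 1)[-1] == AUTH_ERROR:
                raise AuthenticationError("Diagnostic 3 (Authentication error)")
    node = root.find(f".//{{{AUTH_NS}}}authenticationToken")
    # The token sits on its own line, so surrounding whitespace must go.
    token = (node.text or "").strip() if node is not None else ""
    if not token:
        raise AuthenticationError("no authenticationToken in extraResponseData")
    return token


def follow_up_params(token, query):
    # Later requests carry the token, not x-username / x-password.
    return urlencode({"operation": "searchRetrieve", "version": "1.1",
                      "query": query, "x-authenticationToken": token})
```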