We plan to support SSL with Basic Auth as a minimum (that is, we will not support Basic Auth over plain http). We'll likely support additional proprietary methods as well and I'd be interested in how people plan to, e.g., support RSA tokens.

Are the issues you're running into related to Basic Auth, or https? And would you be interested in sharing your findings? Might be helpful...

-John

James M Snell wrote:


One of the critical requirements for our implementation of APP is SSL and HTTP authentication (basic for now, eventually, likely something stronger). Unfortunately, we're finding that a great many of the available Atom/RSS feed readers on the market don't speak SSL/HTTPS and have generally poor usability when it comes to http authentication (e.g., only a handful seem to prompt for authentication on demand and most will ask for authentication for every feed, even if those feeds are on the same host and in the same realm.)

What we need to know, at this point, is what other APP implementors are doing as far as security is concerned. Only clients that can speak SSL and Basic Auth are going to be able to access our endpoints. In my personal opinion, all APP clients should be required to support both, at a minimum.

thoughts?

- James
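The client behaviour discussed in this thread (prompt on demand, reuse credentials for feeds on the same host and in the same realm, never send Basic Auth over plain http), sketched as an added example that is not code from either poster or from any APP client. The class and method names are hypothetical, and reusing the last realm seen per host is a simplification.

```python
import base64
import re
from urllib.parse import urlsplit

# Finds the realm of a Basic challenge in a WWW-Authenticate header value.
_BASIC_REALM = re.compile(r'\bBasic\s+realm="([^"]*)"', re.IGNORECASE)


class BasicCredentialCache:
    """Hypothetical helper: one prompt per (host, port, realm), HTTPS only."""

    def __init__(self, prompt):
        self._prompt = prompt    # callable(host, realm) -> (user, password)
        self._by_space = {}      # (host, port, realm) -> Authorization value
        self._realm_of = {}      # (host, port) -> realm seen most recently

    @staticmethod
    def _origin(url):
        parts = urlsplit(url)
        # Basic Auth is only base64-encoded, so refuse anything but HTTPS.
        if parts.scheme != "https":
            raise ValueError("Basic Auth refused over non-HTTPS URL")
        return parts.hostname, parts.port or 443

    def preemptive_header(self, url):
        """Authorization value to send before any 401, or None if unknown."""
        origin = self._origin(url)
        realm = self._realm_of.get(origin)
        if realm is None:
            return None
        return self._by_space.get(origin + (realm,))

    def on_challenge(self, url, www_authenticate):
        """Handle a 401: prompt only if this host and realm are new."""
        origin = self._origin(url)
        match = _BASIC_REALM.search(www_authenticate or "")
        if match is None:
            raise ValueError("server did not offer a Basic challenge")
        realm = match.group(1)
        key = origin + (realm,)
        if key not in self._by_space:
            user, password = self._prompt(origin[0], realm)
            raw = f"{user}:{password}".encode("utf-8")
            self._by_space[key] = "Basic " + base64.b64encode(raw).decode("ascii")
        self._realm_of[origin] = realm
        return self._by_space[key]

    def forget(self, url, realm):
        """Drop cached credentials after a 401 on an authenticated request."""
        self._by_space.pop(self._origin(url) + (realm,), None)
```
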

