[ https://issues.apache.org/jira/browse/CXF-2873?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12885078#action_12885078 ]
Sergey Beryozkin commented on CXF-2873:
---------------------------------------
More like the way it is described here:
http://www.xml.com/pub/a/2003/12/17/dive.html
and yes, with nonces, and timestamps or using the derived keys.
If we use the basic auth then HTTPS will have to be set up, which may be a bit
of a headache if people would just like to view logs. Username (with nonces &
timestamps) is not terribly secure, but it will let users not do HTTPS and it
is just the logs; we're probably talking about some constrained environment, not
the wild web :-). The nonce store can be simplistic: say, keep 5000 nonces,
and then get rid of them.
> Add authentication support (via HTTP basic authentication)
> ----------------------------------------------------------
>
> Key: CXF-2873
> URL: https://issues.apache.org/jira/browse/CXF-2873
> Project: CXF
> Issue Type: Sub-task
> Reporter: Tomasz Oponowicz
>