>>>>> "Nicolas" == Nicolas Williams <[log in to unmask]> writes: Nicolas> On Mon, May 10, 2010 at 11:01:47AM -0400, Sam Hartman wrote: >> I'd been hoping to cut a corner with the HTTP negotiate >> mechanism. In particular, I had been hoping that we could assume >> that all the round trips would happen over a single HTTP >> connection. I know, I know, HTTP doesn't work that way. Nicolas> Yet isn't that [multiple round-trips] something that Nicolas> HTTP/Negotiate purportedly supports? >> However I thought it was going to be fairly complicated to do >> something else. Nicolas> I don't think it should be. I've long thought that Nicolas> security contexts could and should be setup by POSTing each Nicolas> round-trip to some URL. >> The more I think about this though,the more I believe that we're >> actually going to need to support Leif's mechanism for partial >> context export. Nicolas> I don't see how you can avoid it. I also don't see the Nicolas> problem. As I've been working through things I'm also not seeing a huge problem. More work, but I think necessary work.