>>>>> "Josh" == Josh Howlett <[log in to unmask]> writes:
>> I'm a bit confused by the draft because it doesn't seem to actually
>> include the authentication mechanisms, just the goo to put it all
Josh> My reading of this document is that it it is mainly intended to explain
Josh> the motivation for a multi-legged approach, and what this means for HTTP
Josh> as a stateless protocol. Given the nature of the discussions going on
Josh> elsewhere, that's probably a good place to start. I see this and Nico's
Josh> approach as complementary (or, at least, not mutually exclusive), solving
Josh> different use cases.
I thought that.
Nico went over how his draft solves the use cases that fall within
normal HTTP authentication.
I've been convinced that for all the cases I can think of his solution
is at least as good.
However I do agree they don't conflict. The world would be a much better
place than it is today if we end of with nico's approach for
web-application browser-based stuff and the Microsoft approach for
http-authentication layer stuff.