Basic Authentication

A lightweight approach to WebApp HTTP authentication (the one that automatically pops up a login box). The username and password are encoded, but in a way (base64) that is trivial to decode, so it doesn't offer any real security.

The id/pw is re-submitted with every request to that domain/host/port (realm?) until the browser quits.

  • There is no "logout" function possible

  • if you want to run multiple servers on different ports/hosts, that id can't follow along

  • you don't have a pretty login form to provide context around the fields themselves
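To make the encoding and re-submission points concrete, here is an added example (not from the original page) of the server-side check that runs on every request: it decodes the `Authorization: Basic` header with plain base64 and answers 401 with a realm challenge when the credentials are missing or wrong. The realm name and user table are constructed for the demo.

```python
import base64
import binascii
import hmac

REALM = "example"                        # constructed realm name (assumption)
USERS = {"alice": "s3cret:with:colons"}  # constructed demo credentials


def parse_basic(header):
    """Return (user, password) from an Authorization header value, or None."""
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        # No key is involved: anyone who sees the header can do this step.
        raw = base64.b64decode(token.strip(), validate=True)
        text = raw.decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Only the first colon separates the fields; passwords may contain colons.
    user, sep, password = text.partition(":")
    if not sep:
        return None
    return user, password


def handle(headers):
    """Return (status, response_headers) for one request."""
    creds = parse_basic(headers.get("Authorization", ""))
    if creds:
        expected = USERS.get(creds[0])
        # compare_digest avoids leaking how many leading bytes matched
        if expected is not None and hmac.compare_digest(
            expected.encode(), creds[1].encode()
        ):
            return 200, {}
    # The browser shows its login box on this challenge, then re-sends the
    # same header on every later request to this realm.
    return 401, {"WWW-Authenticate": f'Basic realm="{REALM}"'}


def client_header(user, password):
    """Build the header value a browser would send."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()
```
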

The problem with non-Basic Authentication models of WebApp login:

  • there's no real standard of how to "do it" (patterns of user interface, or data management)

  • so automated tools (e.g. RssAggregator) can't log in (or am I wrong?)

  • note there is some agreement on the XmlRpc model

You probably want to support both models together. But I don't think this can be done all that smoothly...

