Re: [p2-dev] Repository download addressing questions

Thanks,
I will do something simple until the more advanced authenticator is available.


On Mar 9, 2009, at 4:55 PM, Henrich Kraemer wrote:

I am working on some provisional API target for ECF which would support RFC 2617 'HTTP Authentication: Basic and Digest Access Authentication'. It is general and extensible to allow for authentication types beyond BASIC and DIGEST mentioned in that RFC. For example for NTLM authentication in environments that have not implemented this using a Windows integration (Single sign on).
The API will allow the caller to differentiate the credentials needed based on the realm. However, this may not be contributed early enough and, as it presumably will be provisional, may not be something that P2 would take advantage of at this time.
I would guess that if P2 could determine where the repository URI's root is, it could associate the credentials with that, so that users would not be asked again for any folders below that. This would require all files in repositories to use the same credentials, which does not seem like much of a limitation to me.

Hope this helps,

Henrich


Henrik Lindberg <henrik.lindberg@xxxxxxxxxxxxxx>
To: P2 developer discussions <p2-dev@xxxxxxxxxxx>
cc: p2-dev-bounces@xxxxxxxxxxx, Henrich Kraemer/Beaverton/IBM@IBMUS
Subject: Re: [p2-dev] Repository download addressing questions

On Mar 9, 2009, at 4:46 AM, Pascal Rapicault wrote:

      > (1) Is it reasonable to enforce that everything to download from
      > repositories is addressed by URI?
      yes. While manipulating URIs, make sure to use URIUtils
Great!
      > (2) What is the correct scope for remembering username/passwords?
      There was discussion to add something along those lines in ECF. You may want to verify what is going on and if we would not be better off joining effort there. Otherwise what you propose makes sense and would solve 256281. Could there be a case where two folders in the domain are constrained by a different pwd for each user, in which case persisting the info at domain level would cause problems?
ok. The most common case would be that one user has one login/password to one domain, but the case where different directories have different usernames/passwords would not be surprising. However, if name/pwd was stored for the domain, only users using repositories with the more uncommon scenario would be affected - they could always enter the new password for a more detailed path. That would be both easy to implement and easier for a user to understand.


Henrik Lindberg
henrik.lindberg@xxxxxxxxxxxxxx
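
The scoping discussed in this thread (credentials remembered per domain, with a more detailed path able to carry its own entry) can be sketched as a longest-prefix lookup. This is an added example, not code from the thread, p2 or ECF; the class and method names are hypothetical, it treats "domain" as scheme + host + port, and it ignores the authentication realm.

```java
import java.net.URI;
import java.util.*;
// Added illustration (Java 16+); ScopedCredentialStore is hypothetical, not p2 or ECF API.
public class ScopedCredentialStore {
    record Credentials(String user, char[] password) {}
    // origin (scheme://host:port) -> directory prefix -> credentials
    private final Map<String, TreeMap<String, Credentials>> store = new HashMap<>();

    // Assumption: "domain" means scheme + host + port, so credentials saved for
    // https://host are never offered to http://host or to another port.
    static String origin(URI uri) {
        URI u = uri.normalize();
        if (u.getScheme() == null || u.getHost() == null)
            throw new IllegalArgumentException("URI has no scheme or host: " + uri);
        String scheme = u.getScheme().toLowerCase(Locale.ROOT);
        int port = u.getPort() != -1 ? u.getPort() : "https".equals(scheme) ? 443 : 80;
        return scheme + "://" + u.getHost().toLowerCase(Locale.ROOT) + ":" + port;
    }

    // Directory part ending in "/", so "/private/" cannot match "/private-mirror/".
    static String dirPrefix(URI uri) {
        String p = uri.normalize().getPath();
        return (p == null || p.isEmpty()) ? "/" : p.substring(0, p.lastIndexOf('/') + 1);
    }

    void save(URI scope, Credentials c) {
        store.computeIfAbsent(origin(scope), k -> new TreeMap<>()).put(dirPrefix(scope), c);
    }

    // Most specific saved path wins; "/" is the domain-wide default. All matching keys
    // are prefixes of one string, so the first match in descending order is the longest.
    Optional<Credentials> lookup(URI target) {
        TreeMap<String, Credentials> byPath = store.get(origin(target));
        if (byPath == null) return Optional.empty();
        String dir = dirPrefix(target);
        return byPath.descendingMap().entrySet().stream()
                .filter(e -> dir.startsWith(e.getKey()))
                .map(Map.Entry::getValue).findFirst();
    }

    public static void main(String[] args) {
        ScopedCredentialStore s = new ScopedCredentialStore();
        String base = "https://repo.example.org"; // constructed sample host and accounts
        s.save(URI.create(base + "/"), new Credentials("alice", "pw1".toCharArray()));
        s.save(URI.create(base + "/updates/private/"), new Credentials("alice-priv", "pw2".toCharArray()));
        for (String t : List.of(base + "/updates/3.5/content.jar", base + "/updates/private/artifacts.jar",
                base + "/updates/private-mirror/content.jar", "http://repo.example.org/updates/3.5/content.jar"))
            System.out.println(t + " -> " + s.lookup(URI.create(t)).map(Credentials::user).orElse("(prompt)"));
    }
}
```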
