...
If the server prompts the user for a username and password, then the server must be operated by NIST by the time the project reaches the pilot stage. This is an ITAG policy.
It may be desirable for this project to leverage the infrastructure being created by the WebSSO project, but that is not a firm requirement at this time.
The project should support the use of non-null instance user identifiers, e.g. JohnDoe@ATHENA.MIT.EDU and JohnDoe/root@ATHENA.MIT.EDU.
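The two identifiers in the requirement above name different principals, so the server has to carry the instance through to its access decisions. The following is an added example, not part of the original requirements or the project's code: it assumes the Kerberos textual convention (`primary/instance@REALM`, with a backslash quoting the next character), and the `default_realm` parameter, the `is_authorized` helper and the ACL contents are hypothetical.

```python
from typing import NamedTuple, Set, Tuple


class Principal(NamedTuple):
    components: Tuple[str, ...]  # primary first, then the instance, if any
    realm: str

    @property
    def instance(self) -> str:
        """Empty string means the null instance."""
        return "/".join(self.components[1:])


def parse_principal(name: str, default_realm: str = "ATHENA.MIT.EDU") -> Principal:
    """Split 'primary[/instance]@REALM'; a backslash quotes the next character.
    default_realm is an assumption of this example (used when '@REALM' is absent)."""
    comps, cur, realm, in_realm, i = [], [], [], False, 0
    while i < len(name):
        ch = name[i]
        if ch == "\\":  # quoted character: copy it literally
            if i + 1 == len(name):
                raise ValueError("dangling backslash")
            (realm if in_realm else cur).append(name[i + 1])
            i += 2
            continue
        if ch == "@":
            if in_realm:
                raise ValueError("unquoted '@' in realm")
            in_realm = True
        elif ch == "/" and not in_realm:
            comps.append("".join(cur))
            cur = []
        else:
            (realm if in_realm else cur).append(ch)
        i += 1
    comps.append("".join(cur))
    realm_str = "".join(realm) if in_realm else default_realm
    if "" in comps or not realm_str:
        raise ValueError("empty component or realm")
    return Principal(tuple(comps), realm_str)


def is_authorized(name: str, acl: Set[Principal]) -> bool:
    """Match on the full principal, never on the primary alone."""
    return parse_principal(name) in acl


# Constructed ACL: only the null-instance identity is listed.
ACL = {parse_principal("JohnDoe@ATHENA.MIT.EDU")}
```

Comparing the whole parsed tuple keeps `JohnDoe/root` from inheriting rights granted to `JohnDoe`, and the reverse.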
The WebDAV protocol is designed to run on top of HTTP. WebDAV does not specify any new authentication mechanisms; instead, it defers to HTTP's mechanisms. HTTP currently defines only basic and digest authentication. Most of the more sophisticated web applications use the presentation layer of the browser to add more sophisticated mechanisms to the session. WebDAV clients do not normally provide a rich presentation layer through which the server can introduce new security methods.
...