Initial requirements for WebDAV-AFS project:

  • Users should be able to use any, or most, WebDAV clients
  • Users' passwords must not be exposed to others
  • The system must scale so that we can offer the service to the entire MIT community

If the server prompts users for usernames and passwords, then the server must be operated by NIST by the time the project reaches the pilot stage. This is an ITAG policy.

It may be desirable for this project to leverage the infrastructure being created by the WebSSO project, but that is not a firm requirement at this time.

The WebDAV protocol is designed to run on top of HTTP. WebDAV does not specify any new authentication mechanisms; instead, it defers to HTTP's mechanisms. HTTP currently defines only Basic and Digest authentication. More sophisticated web applications typically use the browser's presentation layer to add richer authentication mechanisms to the session. WebDAV clients do not normally provide a rich presentation layer through which the server can introduce new security methods.
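The following is an added example, not part of the original page or the project's code. It shows what a server receives under each of the two HTTP schemes named above: Basic hands over the cleartext password, while Digest (RFC 2617, qop=auth, MD5) hands over only a hash that the server verifies against a stored value. The user name, password, realm, nonce and path are constructed sample values.

```python
import base64
import hashlib
import hmac


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def basic_header(username, password):
    """Authorization value a client sends for Basic: base64, not encryption."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def server_view_of_basic(header):
    """Recover (username, password) exactly as the receiving server can."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    decoded = base64.b64decode(token, validate=True).decode("utf-8")
    username, _, password = decoded.partition(":")  # password may contain ':'
    return username, password


def digest_response(username, password, realm, method, uri, nonce, nc, cnonce):
    """Client side of RFC 2617 Digest with qop=auth and the MD5 algorithm."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def server_checks_digest(stored_ha1, method, uri, nonce, nc, cnonce, response):
    """Server side: verifies with the stored HA1 hash; the password never arrives."""
    ha2 = md5_hex(f"{method}:{uri}")
    expected = md5_hex(f"{stored_ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    user, pw, realm = "jdoe", "correct:horse", "webdav.example.edu"
    print(server_view_of_basic(basic_header(user, pw)))
    resp = digest_response(user, pw, realm, "PROPFIND", "/afs/home/jdoe/",
                           "abc123nonce", "00000001", "f00dcafe")
    ha1 = md5_hex(f"{user}:{realm}:{pw}")
    print(resp, server_checks_digest(ha1, "PROPFIND", "/afs/home/jdoe/",
                                     "abc123nonce", "00000001", "f00dcafe", resp))
```

Under Digest the server still has to hold HA1, which is enough to compute valid responses for that realm, so it must be protected like a password.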

One possible implementation method would be to create a proxy server with uber privileges that AFS would trust to do the right thing in all circumstances. This solution will not be investigated; such a design is considered unacceptable from the start.
