http authentication methods

hi
which authentication methods are http. I know that Basic authentication is http. client-cert is https. so it does not come as http. how about digest and form. are these j2ee authentication mechanisms?

Hi Vani,

there are not much more HTTP authentication methods besides HTTP basic and digest authentication. There are some rare forms like NTLM (LAN manager) and Kerberos authentication which are more or less Windows specific. Maybe a login via login form can be considered HTTP authentication, too. In my opinion authentication with SSL/TLS certificates is HTTP authentication as well just with an additional encryption layer.

Marco

hi Marco
does that mean all four(b) ofasic digest, client-cert and form them are http authentication mechanisms? I see some questions asking which of them are http authentication methods.

Hello Vani,

I guess the term "HTTP authentication" is simply too blurry here. Some people use it as a synonym for HTTP BASIC authentication, others will mean one or more of the methods I wrote in my last post. I personally would consider them all HTTP authentication mechanisms because we're talking here about applications which are based on the HTTP/HTTPS protocol. Technically this isn't 100% correct because SSL/TLS for example communicates directly over TCP and is therefore one network layer below HTTP(S). In contrast in RFC 2617 only HTTP basic and digest authentication are discussed.

So in my opinion the "correct" answer surely depends on the context and people you're talking to! Sorry that I can't give you a perfect answer but I think there even is no strict definition of "HTTP authentication" in general.

Marco

thanks marco, i will try to get the exact question next time. after reading your reply, i am a bit doubtful about question.

It wasn't my intention to confuse you even more

If we're talking about exam question, well that's another thing. If the authors (think they) have a strict definition for such a vague term, you will have no chance but to learn the right answer - regardless whether it makes much sense or not. But I wouldn't worry too much about such subtle difference for "real" life ;-)

Marco

But I wouldn't worry too much about such subtle difference for "real" life ;-)

nice.. i hope to get there some time soon.
thank you for your support.

You're welcome ;-)

If you'd be asking ten people this question, I'm sure you would be getting at least three or four "correct" answers. So don't worry about such details and take care of more important things!

Marco

as i understand it. when you are asked in the mock exam questions: what are the two http authentication methods.

The answer is: HTTP basic and digest authentication

This makes perfect sense as these two are directly integrated into HTTP.