
Mediated Digest Authentication

Document type: Expired Internet-Draft (http WG), expired & archived
Author: Dr. Dave Raggett
Last updated: 1995-04-10
RFC stream: Internet Engineering Task Force (IETF)
Intended RFC status: (None)
Additional resources: Mailing list discussion
Stream, WG state: WG Document
Document shepherd: (None)
IESG, IESG state: Expired
Consensus boilerplate: Unknown
Telechat date: (None)
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active.


As the number of commercial services on the World Wide Web increases rapidly, the need arises for a means for these services to authenticate clients, and vice versa. A simple scheme can be based on keyed hash functions with a shared secret key for each client/server pair. Key management becomes impractical for both clients and servers when the number of participants is scaled up. This document describes an efficient scheme for using mutually trusted third parties to mediate authentication, as a direct extension of the digest access authentication scheme. The scheme is based upon public domain algorithms and, unlike encryption software, isn't subject to export restrictions. The main benefits to users include avoiding having to enter separate user names and passwords for each service, and an ability to authenticate servers. It is proposed that the mediated digest authentication scheme be included in the proposed HTTP/1.1 specification.

