ABSTRACT

The application area of the Hypertext Transfer Protocol (HTTP) keeps growing. While it was originally intended as the protocol for transferring HTML files, it is increasingly used by other applications. One reason is that the port assigned to HTTP is almost never blocked by a firewall. Thus, running an application on top of HTTP allows it to communicate through network security elements such as packet filters. Examples of such applications are web mail and Web-based Distributed Authoring and Versioning (WebDAV) [1,2]. Since these web services contain no security features in their specification, they depend on security provided by HTTP or lower protocol layers. Most implementations of protocols below HTTP do not provide user authentication, hence this service is offered by extensions to HTTP, namely Basic and Digest Access Authentication (DAA) [3].