The authentication layer does need to support a challenge response handshake of messages.
As Anil will tell you I want to be able to use SRP in the web tier and it also requires a
handshake. This is not really much different than basic auth sending a 401 challenge to
force an authorization header.
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3967398#...
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...