New results seem to have stopped coming in, so I think it's time to wrap up the results from the initial HTTP digest authentication tests. Bottom line: every significant browser except Netscape 4.x and Lynx supports HTTP digest authentication as implemented by Apache 2.0. Specifically, Internet Explorer 5.0 and later (4.0 and later on the Mac) supports HTTP digest authentication, reports to the contrary notwithstanding, at least for simple cases.
It is still possible that some more complex URLs using query strings, percent escapes, and/or fragment identifiers have interoperability issues. It is also possible that there are interoperability issues with POST if not GET. I need to cook up some tests for these possibilities. However, at a minimum, we have discovered that HTTP digest authentication is much more prevalent in the installed base than was previously thought. It should at least be offered as a preferred option to BASIC authentication for those browsers that do support it. In 2004, I can live with locking out Netscape 4.x users if I have to to get increased security, but I'm not willing to turn off BASIC authentication until Lynx supports digest authentication. Adding digest authentication to Lynx should be a high priority item. Does anyone know the Lynx developers?
David Tolpin has released RNV 1.4, an open source Relax NG Compact Syntax validator written in ANSI C. Version 1.4 adds RVP,a pipe that receives validation primitives on one end and emits validation diagnostics from the other. RNV is published under a BSD license.
Ernst de Haan has posted xmlenc 0.39, an open
source library for streaming XML output. It's marginally
more convenient than System.out.println()
. However,
it does not guarantee well-formedness of the output, which to my
mind is a sine qa non for any XML output library.