[ no hat ]
On 3/1/12 11:01 AM, Nick Hilliard wrote:
On 01/03/2012 17:50, Peter Saint-Andre wrote:
Stephen and I just had a chat about this matter. He and I came up with a
proposed paragraph to add after that list of bullet points:
In the initial phase of work on HTTP/2.0, new proposals
for authentication schemes can be made. The WG will
select zero or more of those with a goal of choosing
at least one scheme that is better than those available
for HTTP/1.x. Non-selected schemes might be discussed
with the IETF Security Area for further work there.
Your comments are welcome.
Can I suggest you also include authorization capabilities as a core
component of this. It's not much use to have people able to authenticate
themselves to a system if that system doesn't also provide a framework for
allowing the server-side application decide what they can or cannot do.
Feel free to include that in your proposal. :)
Ietf mailing list