On 2/22/12 10:31 AM, Paul Hoffman wrote:
The earnest calls for better authentication on this thread appear to
ignore the fact that the very things that are being requested were
put out of scope for the websec WG in their charter. I hope that no
one things that a WG in the Applications Area will be better equipped
to come up with a better authentication mechanism than one in the
Security Area.
The WebSec WG is in the Applications Area.
Asking the HTTPheads to guess what the securityheads might want is
not a good way to design HTTP 2.0.
Probably not.
Proposal: leave the httpbis WG charter as-is and re-charter the
websec WG to consider what is needed in the HTTP authentication
model. Later, recharter the websec WG to, you know, actually do the
security work for authentication.
Or charter a separate WG to focus on HTTP authentication. (You might
recall that the BoF leading to formation of the WebSec WG was entitled
HASMAT = "HTTP Application Security Minus Authentication and Transport"
or somesuch.)
Peter
--
Peter Saint-Andre
https://stpeter.im/
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf