On Feb 24, 2012, at 4:54 AM, Stephen Farrell wrote:
"Proposals for new HTTP authentication schemes are in scope."
How would a plan like the following look to folks:
- httpbis is chartered to include auth mechanism work as
per the above (or whatever text goes into the charter)
- that'll generate a slew of proposals, some good, some
bad, some better-than-current and some too complex
- plan is for httpbis to pick something (one or more if
they want, but one better-than-current one is the goal)
- give all the above a short timeframe (this year, pick
which to work on at the same time as re-chartering for
the details of HTTP/2.0 maybe)
- httpbis pick what they want, (zero or more) and go
do their stuff
- if there's still enough interest in some proposals
that were not picked by httpbis we then try charter a sec
area wg to develop experimental specs for those so
they're off the critical path for httpbis (the rest die
unloved;-)
- those experimental specs would be REQUIRED to work with
http/1.1 and/or http/2.0 (as appropriate) with no change
required to http; that'd be in the charter for that
putative sec wg
- that sec wg charter might also say that the putative
wg is not allowed to add new schemes until the
originally chartered ones are completed (to avoid
people turning up every week with their shiny new
scheme)
Might that be a way forward that'll give enough folks
enough of what they want/need?
It would, but I would like to give a counter-proposal that I think will use
people's different talents better:
- new wg on developing http authentication mechanisms is chartered soon (BoF in
Paris); call it the ham wg
- httpbis is chartered to follow the work of the ham wg and is required to make
sure that the authentication framework in http 2.0 works for as many of the
proposals from the ham wg as possible
- ham wg is responsible for most of what you list above
- http2.0 document says "the mandatory to implement auth mechanisms are named
in that RFC over there", which comes from the ham wg
There will be overlap in wg membership, but not nearly as much as would be
needed for your proposal.
--Paul Hoffman
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf