W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2007

Re: Straw-man charter for http-bis

From: Keith Moore <moore@cs.utk.edu>
Date: Wed, 30 May 2007 13:03:23 -0400
Message-ID: <465DAE5B.2070605@cs.utk.edu>
To: Eliot Lear <lear@cisco.com>
CC: Julian Reschke <julian.reschke@gmx.de>, Paul Hoffman <phoffman@imc.org>, Apps Discuss <discuss@apps.ietf.org>, Mark Nottingham <mnot@mnot.net>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>

Eliot Lear wrote:
> Julian Reschke wrote:
>> For instance, RFC2617 needs a revision badly as well (for instance,
>> wrt to I18N of usernames and passwords, and, as far as I can recall,
>> certain problems with the definition of Digest Auth). IMHO; this
>> should occur in a separate working group.
>
> The HTTP auth model needs a lot of work.  Creating an update without
> addressing it seems to me pointless.
Not that I disagree, but sites that are currently using forms+ssl to do
logins aren't going to go back to a model where the browser gets to
control the UI for the username/password prompt.  So maybe what is
needed is an auth model that lets the server give credentials to the
browser, along with some advice for how to use it.  And whatever
mechanism were defined to pass these credentials around would need to be
substantially better than what can currently be done with SSL and
cookies (if that's even possible) otherwise there would be no point in
defining it.

IMHO, the first work item of httpbis should be a defect list for http
1.1 and associated documents.    The next step would be to assess which
defects could reasonably be corrected in a revision to the http document
(probably to recycle at DS).  Then the group could be rechartered to
revise the http specification and to correct other defects that could
reasonably be done by that group.  One or more additional groups could
be spun up to correct the remaining defects.
Received on Wednesday, 30 May 2007 17:04:02 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:09 GMT