W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2010

Re: Issue 141: "should we have an auth scheme registry"

From: Cyrus Daboo <cyrus@daboo.name>
Date: Wed, 15 Sep 2010 11:50:39 -0400
To: Julian Reschke <julian.reschke@gmx.de>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <F4915E67D6F1FB87D815191D@caldav.corp.apple.com>
Hi Julian,

--On September 15, 2010 2:39:45 PM +0200 Julian Reschke 
<julian.reschke@gmx.de> wrote:

>> this issue has been waiting for the authentication framework to become
>> part of P7. Now that this has been resolved experimentally (pending IESG
>> approval), we can get back to it.
>>
>> Things to decide:
>>
>> 1) What kind of registration requirements do we want to have?
>>
>> 2) How do we populate the registry?
>>
>> 3) Which schemes do we want to populate the registry with?
>>
>> Proposal:
>>
>> 1) Same as status codes and method names, meaning "IETF Review", as
>> defined in <http://tools.ietf.org/html/rfc5226#section-4.1>:
>> ...
>
> Clarifying (after getting an off-list question): yes, this would allow
> Informational and Experimental RFCs (when using the IETF stream).

SASL has an auth scheme registry 
(<http://www.iana.org/assignments/sasl-mechanisms>). We can probably model 
ours after that (possibly adjusting if there are known problems with the 
SASL one). One thing the SASL registry has is the "Usage" column which I 
think we definitely should adopt. Also, the possibility of registering a 
"family" of schemes through use of a wildcard indicator, e.g. "GS2-*" used 
in SASL.

-- 
Cyrus Daboo
Received on Wednesday, 15 September 2010 15:51:21 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:25 GMT