W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2010

Re: Issue 141: "should we have an auth scheme registry"

From: Cyrus Daboo <cyrus@daboo.name>
Date: Tue, 28 Sep 2010 11:37:30 -0400
To: Julian Reschke <julian.reschke@gmx.de>
cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <8A13A286D019DA86EE4DD8F3@caldav.corp.apple.com>
Hi Julian,

--On September 28, 2010 5:32:28 PM +0200 Julian Reschke 
<julian.reschke@gmx.de> wrote:

>> SASL has an auth scheme registry
>> (<http://www.iana.org/assignments/sasl-mechanisms>). We can probably
>> model ours after that (possibly adjusting if there are known problems
>> with the SASL one). One thing the SASL registry has is the "Usage"
>
> You mean:
>
>    Intended usage: (One of COMMON, LIMITED USE, or OBSOLETE)
>
> ? I can see that this might be useful, but in that case we should
> consider that for all of our registries...

Sure.

>> column which I think we definitely should adopt. Also, the possibility
>> of registering a "family" of schemes through use of a wildcard
>> indicator, e.g. "GS2-*" used in SASL.
>
> I'm not convinced this is needed; after all, we haven't had a registry up
> until now.
>
> SASL has a different registration requirements for single names and
> family of names; when you register a family of names you essentially
> delegate a part of the space of names to another spec -- do we really
> want that?

Take a look at <http://tools.ietf.org/id/draft-johansson-http-gss-05.txt> 
which actually tried to define an HTTP auth registry. Whilst that has 
expired, I think there still might be interest in pursuing it.

-- 
Cyrus Daboo
Received on Tuesday, 28 September 2010 15:38:10 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:25 GMT