W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2010

Re: Issue 141: "should we have an auth scheme registry"

From: Julian Reschke <julian.reschke@gmx.de>
Date: Thu, 07 Oct 2010 17:23:22 +0200
Message-ID: <4CADE5EA.4000509@gmx.de>
To: Cyrus Daboo <cyrus@daboo.name>
CC: HTTP Working Group <ietf-http-wg@w3.org>
On 28.09.2010 18:00, Julian Reschke wrote:
> On 28.09.2010 17:37, Cyrus Daboo wrote:
>> ...
>>> SASL has a different registration requirements for single names and
>>> family of names; when you register a family of names you essentially
>>> delegate a part of the space of names to another spec -- do we really
>>> want that?
>>
>> Take a look at
>> <http://tools.ietf.org/id/draft-johansson-http-gss-05.txt> which
>> actually tried to define an HTTP auth registry. Whilst that has expired,
>> I think there still might be interest in pursuing it.
>> ...
>
> As far as I can tell, this didn't try to define a generic registry...
>
> Anyway: if there's a "family" of schemes, defined by the same
> specification, wouldn't it make more sense to have a single scheme name,
> and then dispatch depending on a scheme parameter instead?
>
> So instead of
>
> WWW-Authenticate: FOO-BAR realm="realm"
>
> one would use
>
> WWW-Authenticate: FOO realm="realm" type="BAR"
>
> ?
>
> This would simplify the registry dramatically.
 > ...

OK,

for now I have added minimal text establishing a registry; see 
<http://trac.tools.ietf.org/wg/httpbis/trac/changeset/1026>; I'm sure 
that we will want to say more about the requirements.

I also added <http://trac.tools.ietf.org/wg/httpbis/trac/ticket/247> 
("consider adding an "intended usage" field to our IANA registries"); to 
me appears like an orthogonal issue, and it would apply to more than 
this registry.

I haven't added the separate spec registering Basic and Digest yet.

Best regards, Julian
Received on Thursday, 7 October 2010 15:24:05 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:28 GMT