- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Mon, 13 Dec 2010 16:39:22 +0100
- To: Peter Saint-Andre <stpeter@stpeter.im>
- CC: http-auth@ietf.org, "kitten@ietf.org" <kitten@ietf.org>, websec@ietf.org, saag@ietf.org, "apps-discuss@ietf.org" <apps-discuss@ietf.org>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
On 10.12.2010 23:53, Peter Saint-Andre wrote: > Is it time to start thinking about next-generation authentication > technologies for HTTP? > > We all know that BASIC and DIGEST are ancient and crufty and lacking > many features and security properties we might want, but there hasn't > been much discussion about more modern approaches. Here are a few things > I've found: > ... Probably. But while doing so, we need to look at the existing base as well. HTTPbis now includes the HTTP authentication framework (essentially RFC2617 minus Basic and Digest). The HTTPbis WG is interested on feedback on the remaining issues (such as Realm required?, and considerations for new schemes). Also, I believe Basic is not going to go away, and I'd really like to fix its I18N problem. Proposal here: <http://greenbytes.de/tech/webdav/draft-reschke-basicauth-enc-01.html>. Best regards, Julian
Received on Monday, 13 December 2010 15:39:58 UTC