W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2012

Re: Reminder: Call for Proposals - HTTP Authentication

From: Mark Nottingham <mnot@mnot.net>
Date: Wed, 2 May 2012 09:30:23 +1000
Cc: <ietf-http-wg@w3.org>
Message-Id: <594FB5C6-C676-43B4-9D4F-586573E24E04@mnot.net>
To: <lionel.morand@orange.com> <lionel.morand@orange.com>
We can certainly discuss it. 

Would you be willing to write up a small Internet-Draft (e.g., 1-2 pages) outlining the proposal and any work you see as necessary (either in modifying the RFC as it progresses, or adding more infrastructure to make it more broadly usable?

Cheers,


On 01/05/2012, at 10:13 PM, <lionel.morand@orange.com> <lionel.morand@orange.com> wrote:

> Hi Mark,
> 
> Of course, to be applicable, the first requirement for SIM-based authentication schemes is to have a SIM card (or software based implementation) and this implies that you have a mobile subscription. 
> However, the authentication mechanism is not contrite to mobile networks and can be typically used over any HTTP-based access, e.g. wifi, adsl, cable, etc., the mobile network being used only for AAA purposes, as trusted 3rd-party.
> Moreover, the terminal itself can be a mobile phone but also any IP-enabled device (e.g. PC, tablet, etc.) providing a API to the SIM card. Moreover, the browser is seen as off-the-shelf application and not mobile specific.
> 
> For the reasons, I was considering that it would be a general interest to reference a standard document instead of an Informational RFC. And this period of "clean-up" of the HTTP documentation seems to be suitable for that.
> 
> Regards,
> 
> Lionel
> 
> -----Message d'origine-----
> De : Mark Nottingham [mailto:mnot@mnot.net] 
> Envoyé : mardi 1 mai 2012 02:57
> À : MORAND Lionel RD-CORE-ISS
> Cc : ietf-http-wg@w3.org
> Objet : Re: Reminder: Call for Proposals - HTTP Authentication
> 
> Hi Lionel,
> 
> Do you know of any use outside of a mobile context? If there's interest, we can certainly look at it, but if it's relegated to just that market (whether or technical or social reasons), I don't think this would necessarily be the right place to advance it to a standard (speaking just for me).
> 
> Cheers,
> 
> 
> On 01/05/2012, at 3:02 AM, <lionel.morand@orange.com> <lionel.morand@orange.com> wrote:
> 
>> Any feedback?
>> 
>> Lionel
>> 
>> -----Message d'origine-----
>> De : MORAND Lionel RD-CORE-ISS 
>> Envoyé : vendredi 27 avril 2012 11:54
>> À : 'Mark Nottingham'; 'HTTP Working Group'
>> Objet : RE: Reminder: Call for Proposals - HTTP Authentication
>> 
>> Hi,
>> 
>> RFC 3310 is informational but used in mobile networks. I think it is worth to consider the interest of defining this mechanism as "standard" HTTP authentication scheme. What should be the process?
>> 
>> In the same line, I have a draft on adaption of RFC3310 for 2G AKA (see. http://tools.ietf.org/id/draft-morand-http-digest-2g-aka-02.txt). I would propose to add it to the list of new potential authentication schemes but only if RFC 3310 is part of the same list. Otherwise, it could be only informal.
>> 
>> Regards,
>> 
>> Lionel 
>> 
>> -----Message d'origine-----
>> De : Mark Nottingham [mailto:mnot@mnot.net] 
>> Envoyé : vendredi 27 avril 2012 07:28
>> À : HTTP Working Group
>> Objet : Reminder: Call for Proposals - HTTP/2.0 and HTTP Authentication
>> 
>> Just a reminder that we're still accepting proposals for:
>> 
>> 1. HTTP/2.0
>> 2. New HTTP authentication schemes
>> 
>> As per our charter <http://datatracker.ietf.org/wg/httpbis/charter/>.
>> 
>> So far, we've received the following proposals applicable to HTTP/2.0:
>> <http://trac.tools.ietf.org/wg/httpbis/trac/wiki/Http2Proposals>
>> 
>> But none yet for authentication schemes:
>> <http://trac.tools.ietf.org/wg/httpbis/trac/wiki/HttpAuthProposals>
>> 
>> As communicated in Paris, the deadline for proposals is 15 June, 2012. It's fine if your proposal isn't complete, but we do need to have a  good sense of it by then, for discussion.
>> 
>> Regards,
>> 
>> --
>> Mark Nottingham   http://www.mnot.net/
>> 
>> 
>> 
>> 
> 
> --
> Mark Nottingham   http://www.mnot.net/
> 
> 
> 

--
Mark Nottingham
http://www.mnot.net/
Received on Tuesday, 1 May 2012 23:30:50 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 1 May 2012 23:31:02 GMT