W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2012

Re: [httpauth] Mutual authentication proposal

From: Yutaka OIWA <y.oiwa@aist.go.jp>
Date: Wed, 13 Jun 2012 12:49:59 +0900
Message-ID: <CAMeZVwsUmBVDYduXh06gy-FzBiyyP=B=HRvWFYkaZ5xtxqMr9Q@mail.gmail.com>
To: HTTP Working Group <ietf-http-wg@w3.org>, "http-auth@ietf.org" <http-auth@ietf.org>
I put some document about some design decisions of
our protocol on the wiki.

It is available from
http://trac.tools.ietf.org/wg/httpbis/trac/wiki/HttpAuthProposals/MutualAuth/LayeringDesigns

Hope this will help you understanding how the things work.

2012/6/5 Yutaka OIWA <y.oiwa@aist.go.jp>:
> Dear all,
>
> I created Wiki pages for my proposals:
>
> http://trac.tools.ietf.org/wg/httpbis/trac/wiki/HttpAuthProposals/MutualAuth
> http://trac.tools.ietf.org/wg/httpbis/trac/wiki/HttpAuthProposals/AuthExtension
>
> I hope you will feel the information helpful.
>
> Cheers,
>
> Yutaka
>
> 2012/6/4 Yutaka OIWA <y.oiwa@aist.go.jp>:
>> Dear all,
>>
>> with a few corrections from the May-21st draft,
>> I submitted the HTTP Mutual authentication draft as an httpbis proposal.
>>
>> The proposal consists of two parts:
>>
>> <http://www.ietf.org/id/draft-oiwa-httpbis-mutualauth-00.txt>
>> is the core proposal for HTTP Mutual authentication,
>> using RFC 2617 architecture.
>>
>> <http://www.ietf.org/id/draft-oiwa-httpbis-auth-extension-00.txt>
>> is the important companion draft for generic extensions
>> which makes HTTP authentication useful again with
>> many Web applications.
>>
>> The proposal is (both documents are) HTTP/1.1 compatible, and
>> as far as core HTTP request/response semantics are kept,
>> it should work with future HTTP/2.0, too.
>>
>> I will set up wiki pages for these around tomorrow or so.
>> It will include information on available reference implementations,
>> some more introductions and so on.
>> I hope you will enjoy the proposed solution.
>>
>> Following previous suggestions on http-auth, crypto primitive choices
>> are kept for future discussions.  One of primitive candidates,
>> which is now for an "example" or "reference" purpose,
>> is available as an "individual" draft at
>> <http://tools.ietf.org/html/draft-oiwa-http-mutualauth-algo-02>.
>> To implement the core proposal now, please refer this, too.
>>
>>
>> P. S.
>> I also incremented the individual draft revisions for book-keeping purpose.
>> (One of these depends on the revision numbers embedded to the protocol).
>> Contents of these are exactly the same as httpbis-proposed versions.
>>
>> --
>> Yutaka OIWA, Ph.D.              Leader, Software Reliability Research Group
>>                              Research Institute for Secure Systems (RISEC)
>>    National Institute of Advanced Industrial Science and Technology (AIST)
>>                      Mail addresses: <y.oiwa@aist.go.jp>, <yutaka@oiwa.jp>
>> OpenPGP: id[440546B5] fp[7C9F 723A 7559 3246 229D  3139 8677 9BD2 4405 46B5]
>
>
>
> --
> Yutaka OIWA, Ph.D.              Leader, Software Reliability Research Group
>                              Research Institute for Secure Systems (RISEC)
>    National Institute of Advanced Industrial Science and Technology (AIST)
>                      Mail addresses: <y.oiwa@aist.go.jp>, <yutaka@oiwa.jp>
> OpenPGP: id[440546B5] fp[7C9F 723A 7559 3246 229D  3139 8677 9BD2 4405 46B5]



-- 
Yutaka OIWA, Ph.D.              Leader, Software Reliability Research Group
                             Research Institute for Secure Systems (RISEC)
   National Institute of Advanced Industrial Science and Technology (AIST)
                     Mail addresses: <y.oiwa@aist.go.jp>, <yutaka@oiwa.jp>
OpenPGP: id[440546B5] fp[7C9F 723A 7559 3246 229D  3139 8677 9BD2 4405 46B5]
Received on Wednesday, 13 June 2012 03:50:45 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 13 June 2012 03:50:52 GMT