Re: Rechartering HTTPbis

Ø  Its not clear where in the charter proposal you are getting the idea

Ø  from that this is a redesign of network application programming APIs.

I didn't get that idea from the proposal.  My point was that IMO HTTP/HTML has been kludged into a network transparent application programming framework (NTAPF), and maybe it is time to acknowledge that, and make sure that work on HTTP 1.2 (or 2.0, or what have you) explicitly and consciously acknowledge that the time has come for a split.  In 1.2, return to the idea of HTTP/HTML as a public information/content delivery service that has no interactivity requirements and requires only minimal security.

Then start an entirely new group dedicated to creating a valid and well thought out NTAPF.


Ø  Please no. Intermediaries often get caught in the middle (pun intended)

Ø  of disputes about website A credentials being given to untrustworthy

Ø  website B accidentally because the client was using SSO to website A.

Websites.  Exactly so!  WEBSITES.  You are still thinking in terms of kludging security into/onto a system that is philosophically, and very fundamentally not designed for NTAPF.

Kerberos is actually designed for SSO, and the problems that (I think, but could have misunderstood you) you raise are due to starting with this premise of kludging K5 onto web sites.  The Kerberos domain model would actually be perfect on the wild net, solving the very problems you raise, IF not forced into the "web application" model.

Thanks for your rely.  Not that I expected any one to take me seriously, and indeed, the idea I put forth is almost certain to be seen as heresy, so I expected only to be ignored.  Feel free to take it as a partially serious, partially comic statement.

John S.

   "A kludge evolves from bad idea implemented to make schedule, to tradition, to finally becoming a fixed and immovable fact because we built so much on top of it."