W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2012

Re: WG Review: Recharter of Hypertext Transfer Protocol Bis (httpbis)

From: Barry Leiba <barryleiba@computer.org>
Date: Tue, 21 Feb 2012 17:36:11 -0500
Message-ID: <CAC4RtVB==09BD79S2wesGuZtbsNy3NCwQzKvHUTKNZPG0Br1Gg@mail.gmail.com>
To: Robert Collins <robertc@squid-cache.org>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "iesg@ietf.org" <iesg@ietf.org>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>, IETF-Discussion <ietf@ietf.org>
>
> browser id, openid, and oauth are all authentication frameworks built
> on top of HTTP
>

OAuth is an authorization framework, not an authentication one.  Please be
careful to make the distinction.

What we're looking at here is the need for an HTTP authentication system
that (for example) doesn't send reusable credentials, is less susceptible
to spoofing attacks, and so on.

Barry
Received on Tuesday, 21 February 2012 22:36:38 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:56 GMT