W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2012

Re: WG Review: Recharter of Hypertext Transfer Protocol Bis (httpbis)

From: Adrien de Croy <adrien@qbik.com>
Date: Wed, 22 Feb 2012 11:38:05 +1300
Message-ID: <4F441CCD.4020907@qbik.com>
To: Julian Reschke <julian.reschke@gmx.de>
CC: mnot@mnot.net, IETF-Discussion <ietf@ietf.org>, iesg@ietf.org, ietf-http-wg@w3.org

Hi Julian,

On 02/21/2012 06:50 PM, Julian Reschke wrote:
> On 2012-02-21 19:37, Stephen Farrell wrote:
>> ...
>>> I believe this should be orthogonal to HTTP/2.0. Is there a specific
>>> thing that makes it impossible to use the existing authentication
>>> framework?
>>
>> Who knows? We don't have a protocol on the table yet. I
>> would imagine that some level of backwards compatibility
>> would be a requirement of course, or at least an issue to
>> be considered.
>>
>> But the existing HTTP client authentication is also not
>> necessarily very useful, and there have been a number of
>> efforts to improve on that, none of which seem to have
>> gotten sufficient traction to get widely deployed/used.
>> Maybe HTTP/2.0 is a good time to try fix that.
>
> Well, we have an existing authentication framework. It would be
> interesting to find out what's missing from it.

session support with login and logout would be good.  I know it's a can 
of worms, with some serious security implications.

But this is why no websites use HTTP auth to speak of, which makes it 
difficult to do integrated authentication.

Adrien
Received on Tuesday, 21 February 2012 22:38:39 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:56 GMT