- From: David Morris <dwm@xpasc.com>
- Date: Tue, 21 Feb 2012 23:04:45 -0800 (PST)
- To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
- cc: "iesg@ietf.org" <iesg@ietf.org>, IETF-Discussion <ietf@ietf.org>
On Tue, 21 Feb 2012, Michael Richardson wrote:

>
> >>>>> "Barry" == Barry Leiba <barryleiba@computer.org> writes:
>     Barry> OAuth is an authorization framework, not an authentication
>     Barry> one. Please be careful to make the distinction.
>
>     Barry> What we're looking at here is the need for an HTTP
>     Barry> authentication system that (for example) doesn't send
>     Barry> reusable credentials, is less susceptible to spoofing
>     Barry> attacks, and so on.
>
> and is implemented in HTTP, not in terms of HTML forms, yet has all the
> flexibility of the HTML form method?

And includes the ability for the user to logoff / the server reset the login?

Received on Wednesday, 22 February 2012 07:05:15 UTC