W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2012

Re: WG Review: Recharter of Hypertext Transfer Protocol Bis (httpbis)

From: David Morris <dwm@xpasc.com>
Date: Wed, 22 Feb 2012 07:25:16 -0800 (PST)
To: "'HTTP Working Group'" <ietf-http-wg@w3.org>
cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>, "iesg@ietf.org" <iesg@ietf.org>, IETF-Discussion <ietf@ietf.org>
Message-ID: <Pine.LNX.4.64.1202220713520.28289@egate.xpasc.com>


On Wed, 22 Feb 2012, Julian Reschke wrote:

> On 2012-02-22 08:04, David Morris wrote:
> > 
> > 
> > On Tue, 21 Feb 2012, Michael Richardson wrote:
> > 
> > > 
> > > > > > > > "Barry" == Barry Leiba<barryleiba@computer.org>  writes:
> > >      Barry>  OAuth is an authorization framework, not an authentication
> > >      Barry>  one.  Please be careful to make the distinction.
> > > 
> > >      Barry>  What we're looking at here is the need for an HTTP
> > >      Barry>  authentication system that (for example) doesn't send
> > >      Barry>  reusable credentials, is less susceptible to spoofing
> > >      Barry>  attacks, and so on.
> > > 
> > > and is implemented in HTTP, not in terms of HTML forms, yet has all the
> > > flexibility of the HTML form method?
> > 
> > And includes the ability for the user to logoff / the server reset the
> > login?
> 
> Is that a protocol problem or a user agent problem?
> 
> -- > <http://lists.w3.org/Archives/Public/www-archive/2012Jan/0023.html>

I consider it a protocol issue in the same way that authentication is a
protocol issue.

The question I was responding to was one of adoption by application
developers and is in addition to the lack of application control over
the current authenticate dialog. A "use case" if you will.

The JS approach isn't really adequate because not all user agents
execute the payload. Second 1/2 of the "use case."

I'm not advocating that this be solved as part of the Recharter/2.0
activity, I'm neutral on the where question.
Received on Wednesday, 22 February 2012 15:25:51 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:56 GMT