W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2012

Re: WG Review: Recharter of Hypertext Transfer Protocol Bis (httpbis)

From: Peter Saint-Andre <stpeter@stpeter.im>
Date: Wed, 22 Feb 2012 10:39:14 -0700
Message-ID: <4F452842.3050905@stpeter.im>
To: Paul Hoffman <paul.hoffman@vpnc.org>
CC: The IESG <iesg@ietf.org>, IETF-Discussion <ietf@ietf.org>, ietf-http-wg@w3.org
On 2/22/12 10:31 AM, Paul Hoffman wrote:
> The earnest calls for better authentication on this thread appear to
> ignore the fact that the very things that are being requested were
> put out of scope for the websec WG in their charter. I hope that no
> one things that a WG in the Applications Area will be better equipped
> to come up with a better authentication mechanism than one in the
> Security Area.

The WebSec WG is in the Applications Area.

> Asking the HTTPheads to guess what the securityheads might want is
> not a good way to design HTTP 2.0.

Probably not.

> Proposal: leave the httpbis WG charter as-is and re-charter the
> websec WG to consider what is needed in the HTTP authentication
> model. Later, recharter the websec WG to, you know, actually do the
> security work for authentication.

Or charter a separate WG to focus on HTTP authentication. (You might
recall that the BoF leading to formation of the WebSec WG was entitled
HASMAT = "HTTP Application Security Minus Authentication and Transport"
or somesuch.)

Peter

-- 
Peter Saint-Andre
https://stpeter.im/
Received on Wednesday, 22 February 2012 17:39:48 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:56 GMT