W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2013

Session Continuation at WebSec

From: Yoav Nir <ynir@checkpoint.com>
Date: Mon, 14 Jan 2013 16:52:51 +0000
To: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <4613980CFC78314ABFD7F85CC30277211198384B@IL-EX10.ad.checkpoint.com>
Hi all

Last IETF at the http-auth BoF, some people said that the real issue we should tackle was managing sessions in HTTP and binding them to authentication.

Nicolas Williams has edited a Problem Statement and Requirements document ([1]) for a design team that also included Phillip Hallam-Baker, Yaron Sheffer, and Paul Leach.

The idea is to make a better way of binding requests together for a long-lived session, which may or may not be bound to an authenticated identity. This is to augment or replace the current practice of using cookies to continue sessions.

For discussing this draft, please join & post to the WebSec mailing list ([2]). This message is just a heads-up for the subscribers of this list, who may be interested in the subject.

And now, back to your regularly scheduled programming…

Yoav 

[1] http://tools.ietf.org/html/draft-williams-websec-session-continue-prob-00
[2] https://www.ietf.org/mailman/listinfo/websec
Received on Monday, 14 January 2013 16:53:25 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 14 January 2013 16:53:27 GMT