- From: Amos Jeffries <squid3@treenet.co.nz>
- Date: Thu, 26 Jun 2014 00:48:17 +1200
- To: ietf-http-wg@w3.org
On 25/06/2014 7:32 a.m., Yoav Nir wrote: > > On Jun 24, 2014, at 8:42 AM, Mark Nottingham wrote: > >> Hi Julian, >> >> On 23 Jun 2014, at 6:43 pm, Julian Reschke wrote: >> >>> >>> 4) Session handling (or "avoiding cookies") >>> >>> ...in case we find people, energy, and implementer interest. >> >> That sounds very speculative. Draft? > > http://tools.ietf.org/html/draft-williams-websec-session-continue-prob-00 > http://tools.ietf.org/html/draft-williams-websec-session-continue-proto-00 > http://tools.ietf.org/html/draft-abarth-cake-01 > http://tools.ietf.org/html/draft-hallambaker-httpsession-02 > http://tools.ietf.org/html/draft-hallambaker-httpintegrity-02 > http://tools.ietf.org/html/draft-hammer-oauth-v2-mac-token-05 > > > I could probably dig up a few more if I put my mind to it. > > So people is easy, energy we might be able to find. Implementer interest? I’m not sure it’s there. Some here from Squid. I have been watching Hallam's work with some interest, will be needing proxy support but otherwise there is a lot of promise there. > > Interesting reads on the subject: http://www.vsecurity.com/download/papers/WeaningTheWebOffOfSessionCookies.pdf A must read for all web developers IMHO. Thanks for the reminder. Amos
Received on Wednesday, 25 June 2014 12:48:52 UTC