W3C home > Mailing lists > Public > public-identity@w3.org > June 2011

Re: [http-auth] re-call for IETF http-auth BoF

From: Julian Reschke <julian.reschke@gmx.de>
Date: Thu, 09 Jun 2011 16:40:50 +0200
Message-ID: <4DF0DB72.9090601@gmx.de>
To: http-auth@ietf.org, y.oiwa@aist.go.jp
CC: public-identity@w3.org, websec@ietf.org, saag@ietf.org, Sean Turner <turners@ieca.com>
On 2011-06-09 16:31, Yutaka OIWA wrote:
> ...
> password stealing, session hijack, and phishing.  Currently, the HTTP
> core protocol only provides basic plaintext password authentication
> and MD5-based hashed password authentication, both of which are
> ...

That's kind of misleading; the core HTTP protocol doesn't define any 
concrete authentication schemes at all; it just offers a framework 
(header fields, status codes etc).

 > ...
> Both BoF and possible future working group expect well coordination
> with W3C's effort on the related topics.  It shall also be in
> coordination with related IETF working groups, including websec, abfab
> and oauth.
> ...

I believe you need to add HTTPbis.

Best regards, Julian
Received on Thursday, 9 June 2011 14:41:31 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:00:47 UTC