W3C home > Mailing lists > Public > public-identity@w3.org > June 2011

Re: [websec] [http-auth] re-call for IETF http-auth BoF

From: Alexey Melnikov <alexey.melnikov@isode.com>
Date: Sun, 12 Jun 2011 17:18:11 +0100
Message-ID: <4DF4E6C3.8030206@isode.com>
To: Julian Reschke <julian.reschke@gmx.de>
CC: http-auth@ietf.org, y.oiwa@aist.go.jp, Sean Turner <turners@ieca.com>, public-identity@w3.org, websec@ietf.org, saag@ietf.org
Julian Reschke wrote:

> On 2011-06-09 16:31, Yutaka OIWA wrote:
>
>> ...
>> password stealing, session hijack, and phishing.  Currently, the HTTP
>> core protocol only provides basic plaintext password authentication
>> and MD5-based hashed password authentication, both of which are
>> ...
>
> That's kind of misleading; the core HTTP protocol doesn't define any 
> concrete authentication schemes at all; it just offers a framework 
> (header fields, status codes etc).
>
> > ...
>
>> Both BoF and possible future working group expect well coordination
>> with W3C's effort on the related topics.  It shall also be in
>> coordination with related IETF working groups, including websec, abfab
>> and oauth.
>> ...
>
> I believe you need to add HTTPbis.

+1.

I would also add Kitten.
Received on Sunday, 12 June 2011 16:19:13 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 12 June 2011 16:19:13 GMT