Re: Beyond HTTP Authentication: OAuth, OpenID, and BrowserID: Meeting on March 29th at IETF83

Hi Anders, 

I believe that these topics will be discussed and investigated in the W3C Web Cryptography Working Group. 
Wouldn't you think so? 

Ciao
Hannes

On Mar 20, 2012, at 7:22 AM, Anders Rundgren wrote:

> On 2012-03-19 23:03, Harry Halpin wrote:
> 
> I won't make it to IETF 83.   Here comes a short presentation
> on how I envision that keys will be dealt with in the future:
> 
> http://openkeystore.googlecode.com/svn/trunk/resources/docs/tee-se-combo.pdf
> 
> There is a Reference Implementation as well:
> http://code.google.com/p/openkeystore/source/browse/trunk/library/src/org/webpki/sks/twolayer/se/SEReferenceImplementation.java
> http://code.google.com/p/openkeystore/source/browse/trunk/library/src/org/webpki/sks/twolayer/tee/TEEReferenceImplementation.java
> 
> thanx,
> Anders Rundgren
> http://webpki.org/auth-token-4-the-cloud.html
> 
>> Not sure how many people are making it to IETF83, but W3C is hosting an 
>> onsite meeting on Thursday to discuss OAuth, BrowserID, OpenID, and the 
>> upcoming W3C Web Cryptography Working Group. Everyone is invited!
>> 
>> ==Beyond HTTP Authentication: OAuth, OpenID, and BrowserID==
>> 
>> =Time and Location=
>> 
>> Thursday lunchtime (1130 to 1300) in room 252A just between the SCIM BoF 
>> and OAuth WG as part of IETF83 in Paris.
>> 
>> =Problem Statement=
>> 
>> While OAuth has solved the authorization problem, currently 
>> authentication on the Web is still insecure as it has yet for the most 
>> part failed to go beyond user-names and passwords. However, at this 
>> point a number of new client-side capabilities, including the 
>> possibility of W3C standardized JavaScript cryptographic primitives, are 
>> emerging and a number of specifications such as OpenID Connect, 
>> BrowserID, and discussions over the future of HTTP Auth have shown that 
>> there is interest in understanding better how client-side key material 
>> can be used to enable a more secure Web authentication. However, there 
>> has yet to be consensus on how client-side cryptography can enable 
>> higher-security OAuth flows. The purpose of this side meeting is to look 
>> at a more coherent picture of how technologies in the space of identity, 
>> authentication, and authorization combine and interact and to help frame 
>> future work in Web authentication.
>> 
>> This informal meeting will present a number of proposed technical 
>> proposals in brief, including relationships to other existing work (such 
>> as RTCWeb and the upcoming W3C Web Cryptography Working Group), and to 
>> help frame future work in the area, and then proceed with open discussion.
>> 
>> For any questions, please contact Harry Halpin (hhalpin@w3.org)
>> 
>> =Schedule:=
>> 
>> 11:30-11:45 Lightning presentations to "level-set" participants.
>> 
>> Mike Jones (Microsoft) will present the latest work from JOSE and OpenID 
>> Connect
>> Eric Rescorla (Mozilla hat on) will present Mozilla Persona and 
>> RTCWeb/WebRTC work
>> Blaine Cook will present OAuth 2.0
>> Harry Halpin (W3C) will present the upcoming W3C Web Cryptography API.
>> 
>> 11:45-13:00 Open discussion on co-ordination between OAuth, HTTP Auth, 
>> OpenID Connect, BrowserID, and W3C.
>> 
>> 
> 
> 

Received on Tuesday, 20 March 2012 07:59:58 UTC