W3C home > Mailing lists > Public > public-usable-authentication@w3.org > August 2006

Re: Updated charters, with tentative time line

From: Frederick Hirsch <frederick.hirsch@nokia.com>
Date: Tue, 8 Aug 2006 10:19:48 -0400
Message-Id: <0678001D-2395-4B1C-9CE3-FE431080A218@nokia.com>
Cc: Frederick Hirsch <frederick.hirsch@nokia.com>, Thomas Roessler <tlr@w3.org>, public-usable-authentication@w3.org
To: ext Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>

Note that the authentication context structure, defined by Liberty  
Alliance [1] and subsequently updated and incorporated in the OASIS  
SAML 2.0 standard [2] provides a means for expressing some of the  
information Mez identified.

regards, Frederick

Frederick Hirsch
Nokia

[1] <https://www.projectliberty.org/resources/specifications.php#box4>

[2] <http://docs.oasis-open.org/security/saml/v2.0/saml-authn- 
context-2.0-os.pdf>

On Aug 7, 2006, at 5:41 PM, ext Mary Ellen Zurko wrote:

>
> On Web Security Context Baseline,
>
> I'm a bit worried about:
> "a minimal set of security context information "
>
> It seems to imply a single small set of items will be required of  
> any user agent. I don't think it will work out that way, though I  
> do think the alternatives will collapse to a small conceptual set,  
> and that their presence or lack will be important to users. Things  
> like user/web agent history, and strength and meaningfulness of  
> identification/authentication.
>
> A first public working draft implies to me that that version at  
> least will target well known web agents (browsers as opposed to  
> rich client) and core protocols (HTTPS as opposed to Web Services).  
> Are these in fact very aggressive deadlines for a predominantly  
> tactical WG?
>
>           Mez
>
>
>
> public-usable-authentication-request@w3.org wrote on 08/07/2006  
> 12:39:11 PM:
>
> >
> > Hello,
> >
> > I've taken another stab at the scope and deliverable sections
> > of the charter drafts, and added tentative time lines to these.
> >
> >   http://www.w3.org/2005/Security/wsc-charter
> >   http://www.w3.org/2005/Security/htmlauth-charter
> >
> > For the security context information baseline group, I've tried
> > to introduce a clearer partition between the question what to
> > display (and how to do it nicely), and techniques to make that
> > kind of display more robust against spoofing.  (Thanks to Jeff
> > Nelson (Google) for his suggestions.)
> >
> > The form annotations project has seen some general clean-up.
> >
> > The time line (identical for both groups at this point) is
> > essentially the usual 3-month heartbeat requirement for public
> > working drafts, with two public WDs before last call.  A call
> > for participation is assumed to go out in October, and an
> > initial face-to-face meeting (for both groups; hopefully, we
> > can find a way to co-locate these) is assumed for the week of
> > 13 November.
> >
> >
> >    Caveat emptor: Please note that, at this
> >    point, these dates are working hypotheses!
> >
> >
> > Comments would, as always, be useful,
> > --
> > Thomas Roessler, W3C   <tlr@w3.org>
> >
Received on Tuesday, 8 August 2006 14:20:53 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 19:53:15 UTC