
Re: Updated charters... - suggestions to auth annotations wg

From: Amir Herzberg <herzbea@macs.biu.ac.il>
Date: Tue, 22 Aug 2006 17:26:02 +0300
Message-ID: <44EB13FA.9080700@cs.biu.ac.il>
To: "Linn, John" <jlinn@rsasecurity.com>
CC: Thomas Roessler <tlr@w3.org>, public-usable-authentication@w3.org

Linn, John wrote:
> Re the "Form Annotations for HTTP Authentication" draft charter, would
> there be interest in generalizing the scope so as also to encompass
> structural and tagging facilities for authentication-related information
> sent in the reverse direction, from UAs to servers?  This may not be
> necessary for a usage mode where a server-UA request triggers the UA to
> initiate a protocol-level HTTP authentication transaction (and where
> that protocol would likely have its own means to represent parameters),
> but could serve to discriminate among different protected (e.g., hashed
> and/or encrypted) credential representations that UAs could transfer
> within POSTs and to carry their associated parameters.  As such, this
> could provide a useful vehicle to incorporate enhanced capabilities
> within the common POST-based paradigm. 
Sorry for my late response (having been away)... but I haven't seen a 
response to John's comment/suggestion above - and would like to second it.

Furthermore, I would like to propose that we also consider form 
annotations for authentication of the page contents (from server to 
client). Inclusion of a digital signature on the page contents could be 
very effective for several goals, and sometimes preferable to the usage 
of SSL/TLS, for performance but also for other considerations. Yes, this 
is "the return of the SHTTP", if you like - I believe the time is now 
right, and we also have the tools now (XML DSIG etc.) to make this a 
very reasonable effort.

Best, Amir
> --jl
> -----Original Message-----
> From: public-usable-authentication-request@w3.org
> [mailto:public-usable-authentication-request@w3.org] On Behalf Of Thomas
> Roessler
> Sent: Monday, August 07, 2006 12:39 PM
> To: public-usable-authentication@w3.org
> Subject: Updated charters, with tentative time line
> Hello,
> I've taken another stab at the scope and deliverable sections
> of the charter drafts, and added tentative time lines to these.
>   http://www.w3.org/2005/Security/wsc-charter
>   http://www.w3.org/2005/Security/htmlauth-charter
> For the security context information baseline group, I've tried
> to introduce a clearer partition between the question what to
> display (and how to do it nicely), and techniques to make that
> kind of display more robust against spoofing.  (Thanks to Jeff
> Nelson (Google) for his suggestions.)
> The form annotations project has seen some general clean-up.
> The time line (identical for both groups at this point) is
> essentially the usual 3-month heartbeat requirement for public
> working drafts, with two public WDs before last call.  A call
> for participation is assumed to go out in October, and an
> initial face-to-face meeting (for both groups; hopefully, we
> can find a way to co-locate these) is assumed for the week of
> 13 November.
> 	Caveat emptor: Please note that, at this 
> 	point, these dates are working hypotheses!
> Comments would, as always, be useful,
Received on Tuesday, 22 August 2006 14:28:35 UTC
