W3C home > Mailing lists > Public > public-web-security@w3.org > December 2009

Re: HTTP Mutual-auth proposal status / HTTP AUTH meet-up in Anaheim?

From: =JeffH <Jeff.Hodges@KingsMountain.com>
Date: Mon, 28 Dec 2009 16:22:44 -0800
Message-ID: <4B394BD4.3020104@KingsMountain.com>
To: apps-discuss@ietf.org, public-web-security@w3.org
CC: ietf-http-wg@w3.org, ietf-http-auth@osafoundation.org
[ I am replying to all lists because the info wrt on-going HTTP authn work in 
the IETF OAuth WG may not as yet be widely known; otherwise, apologies for 
cross-posting ]


Oiwa-san,

Thanks for sending out this announcement regarding your on-going work. Having a 
meetup of one form or another to discuss HTTP authentication will be useful.

In regards of the working-group context though, I note that the feedback given 
on your presentation at IETF-74 in SF was that it was likely that the 
appropriate place to discuss this work would be the to-be-formed OAuth WG...

from: http://www.ietf.org/proceedings/74/minutes/httpbis.txt:
 >
 > Mutual Authentication was covered with some questions from the audience. It
 > was pointed out that it may be most appropriate to take this work to the
 > to-be-formed OAuth WG, since it now appears that they're designing a
 > "two-legged" (i.e., normal client/server) HTTP authentication mechanism as
 > well.


Indeed, the OAuth WG has now formed 
<http://www.ietf.org/dyn/wg/charter/oauth-charter.html> and its charter has 
this note down towards the end..

 > The Working Group will also define a generally applicable
 > HTTP authentication mechanism (i.e., browser-based "2-leg"
 > scenerio).


So I respectfully suggest re-sending your message to <oauth@ietf.org> and 
taking discussion there -- and for those interested folks to subscribe to 
<oauth@ietf.org>.

Hope this helps,

=JeffH
Received on Tuesday, 29 December 2009 00:23:01 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 19 December 2010 00:16:01 GMT