- From: Keith Moore <moore@cs.utk.edu>
- Date: Wed, 30 May 2007 13:03:23 -0400
- To: Eliot Lear <lear@cisco.com>
- CC: Julian Reschke <julian.reschke@gmx.de>, Paul Hoffman <phoffman@imc.org>, Apps Discuss <discuss@apps.ietf.org>, Mark Nottingham <mnot@mnot.net>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>

Eliot Lear wrote:
> Julian Reschke wrote:
>> For instance, RFC2617 needs a revision badly as well (for instance,
>> wrt to I18N of usernames and passwords, and, as far as I can recall,
>> certain problems with the definition of Digest Auth). IMHO; this
>> should occur in a separate working group.
>
> The HTTP auth model needs a lot of work. Creating an update without
> addressing it seems to me pointless.

Not that I disagree, but sites that are currently using forms+ssl to do logins aren't going to go back to a model where the browser gets to control the UI for the username/password prompt. So maybe what is needed is an auth model that lets the server give credentials to the browser, along with some advice for how to use it. And whatever mechanism were defined to pass these credentials around would need to be substantially better than what can currently be done with SSL and cookies (if that's even possible) otherwise there would be no point in defining it.

IMHO, the first work item of httpbis should be a defect list for http 1.1 and associated documents. The next step would be to assess which defects could reasonably be corrected in a revision to the http document (probably to recycle at DS). Then the group could be rechartered to revise the http specification and to correct other defects that could reasonably be done by that group. One or more additional groups could be spun up to correct the remaining defects.

Received on Wednesday, 30 May 2007 17:04:02 UTC