- From: Chris Newman <Chris.Newman@Sun.COM>
- Date: Fri, 08 Jun 2007 12:00:26 -0700
- To: Julian Reschke <julian.reschke@gmx.de>, Paul Hoffman <phoffman@imc.org>
- Cc: Apps Discuss <discuss@apps.ietf.org>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Julian Reschke wrote on 6/7/07 18:01 +0200:
> maybe things become clearer if we consider re-organizing the security stuff?
>
> Currently,
>
> - RFC2616 refers (normatively?) to RFC2617 for authentication, and
>
> - RFC2617 defines a framework (Section 1.2) and two schemes (Basic and
> Digest).
>
> Assuming that there's no immediate need to change the framework defines in
> RCF2617, Section 1.2, wouldn't it make sense to:
>
> - Move the authentication framework itself into RFC2616bis, and
>
> - to then publish stand-alone documents upgrading/fixing both Basic and
> Digest?
>
> The benefits being:
>
> - RFC2616bis doesn't have the dependency on its sister spec anymore, which
> suffers from Basic and Digest problems, and
>
> - Basic, Digest and new schemes could evolve independently.
Sounds like an idea worth considering to me. In past cases where Apps has
bundled authentication mechanisms with general frameworks (e.g. RFC 1731,
2595), the mechanisms have invariably been split away from the framework for
one reason or another.
- Chris
Received on Friday, 8 June 2007 19:00:42 UTC