Re: HTTP Mutual-auth proposal status / HTTP AUTH meet-up in Anaheim?

[ I am replying to all lists because the info wrt on-going HTTP authn work in 
the IETF OAuth WG may not as yet be widely known; otherwise, apologies for 
cross-posting ]


Oiwa-san,

Thanks for sending out this announcement regarding your on-going work. Having a 
meetup of one form or another to discuss HTTP authentication will be useful.

In regards of the working-group context though, I note that the feedback given 
on your presentation at IETF-74 in SF was that it was likely that the 
appropriate place to discuss this work would be the to-be-formed OAuth WG...

from: http://www.ietf.org/proceedings/74/minutes/httpbis.txt:
 >
 > Mutual Authentication was covered with some questions from the audience. It
 > was pointed out that it may be most appropriate to take this work to the
 > to-be-formed OAuth WG, since it now appears that they're designing a
 > "two-legged" (i.e., normal client/server) HTTP authentication mechanism as
 > well.


Indeed, the OAuth WG has now formed 
<http://www.ietf.org/dyn/wg/charter/oauth-charter.html> and its charter has 
this note down towards the end..

 > The Working Group will also define a generally applicable
 > HTTP authentication mechanism (i.e., browser-based "2-leg"
 > scenerio).


So I respectfully suggest re-sending your message to <oauth@ietf.org> and 
taking discussion there -- and for those interested folks to subscribe to 
<oauth@ietf.org>.

Hope this helps,

=JeffH

Received on Tuesday, 29 December 2009 00:23:00 UTC