Re: [websec] HTTP authentication: the next generation

On 10.12.2010 23:53, Peter Saint-Andre wrote:
> Is it time to start thinking about next-generation authentication
> technologies for HTTP?
> We all know that BASIC and DIGEST are ancient and crufty and lacking
> many features and security properties we might want, but there hasn't
> been much discussion about more modern approaches. Here are a few things
> I've found:
> ...

Probably. But while doing so, we need to look at the existing base as well.

HTTPbis now includes the HTTP authentication framework (essentially 
RFC2617 minus Basic and Digest). The HTTPbis WG is interested on 
feedback on the remaining issues (such as Realm required?, and 
considerations for new schemes).

Also, I believe Basic is not going to go away, and I'd really like to 
fix its I18N problem. Proposal here: 

Best regards, Julian

Received on Monday, 13 December 2010 15:39:58 UTC