RE: Reminder: Call for Proposals - HTTP Authentication

Hi Lionel,

Out of curiosity, do you know about implementations or deployment of RFC 3310 in the context of HTTP? I know it is used in a special way in SIP ("IMS") authentication in a few deployments.

Would the intent be just a promotion from Informational to Standards Track, which would not require any specific technical work as such?

Markus 

>-----Original Message-----
>From: ext lionel.morand@orange.com [mailto:lionel.morand@orange.com]
>Sent: 01 May, 2012 15:13
>To: mnot@mnot.net
>Cc: ietf-http-wg@w3.org
>Subject: RE: Reminder: Call for Proposals - HTTP Authentication
>
>Hi Mark,
>
>Of course, to be applicable, the first requirement for SIM-based
>authentication schemes is to have a SIM card (or software based
>implementation) and this implies that you have a mobile subscription.
>However, the authentication mechanism is not contrite to mobile networks
>and can be typically used over any HTTP-based access, e.g. wifi, adsl, cable,
>etc., the mobile network being used only for AAA purposes, as trusted 3rd-
>party.
>Moreover, the terminal itself can be a mobile phone but also any IP-enabled
>device (e.g. PC, tablet, etc.) providing a API to the SIM card. Moreover, the
>browser is seen as off-the-shelf application and not mobile specific.
>
>For the reasons, I was considering that it would be a general interest to
>reference a standard document instead of an Informational RFC. And this
>period of "clean-up" of the HTTP documentation seems to be suitable for
>that.
>
>Regards,
>
>Lionel
>
>-----Message d'origine-----
>De : Mark Nottingham [mailto:mnot@mnot.net] Envoyé : mardi 1 mai 2012
>02:57 À : MORAND Lionel RD-CORE-ISS Cc : ietf-http-wg@w3.org Objet : Re:
>Reminder: Call for Proposals - HTTP Authentication
>
>Hi Lionel,
>
>Do you know of any use outside of a mobile context? If there's interest, we
>can certainly look at it, but if it's relegated to just that market (whether or
>technical or social reasons), I don't think this would necessarily be the right
>place to advance it to a standard (speaking just for me).
>
>Cheers,
>
>
>On 01/05/2012, at 3:02 AM, <lionel.morand@orange.com>
><lionel.morand@orange.com> wrote:
>
>> Any feedback?
>>
>> Lionel
>>
>> -----Message d'origine-----
>> De : MORAND Lionel RD-CORE-ISS
>> Envoyé : vendredi 27 avril 2012 11:54
>> À : 'Mark Nottingham'; 'HTTP Working Group'
>> Objet : RE: Reminder: Call for Proposals - HTTP Authentication
>>
>> Hi,
>>
>> RFC 3310 is informational but used in mobile networks. I think it is worth to
>consider the interest of defining this mechanism as "standard" HTTP
>authentication scheme. What should be the process?
>>
>> In the same line, I have a draft on adaption of RFC3310 for 2G AKA (see.
>http://tools.ietf.org/id/draft-morand-http-digest-2g-aka-02.txt). I would
>propose to add it to the list of new potential authentication schemes but only
>if RFC 3310 is part of the same list. Otherwise, it could be only informal.
>>
>> Regards,
>>
>> Lionel
>>
>> -----Message d'origine-----
>> De : Mark Nottingham [mailto:mnot@mnot.net] Envoyé : vendredi 27 avril
>> 2012 07:28 À : HTTP Working Group Objet : Reminder: Call for Proposals
>> - HTTP/2.0 and HTTP Authentication
>>
>> Just a reminder that we're still accepting proposals for:
>>
>> 1. HTTP/2.0
>> 2. New HTTP authentication schemes
>>
>> As per our charter <http://datatracker.ietf.org/wg/httpbis/charter/>.
>>
>> So far, we've received the following proposals applicable to HTTP/2.0:
>>  <http://trac.tools.ietf.org/wg/httpbis/trac/wiki/Http2Proposals>
>>
>> But none yet for authentication schemes:
>>  <http://trac.tools.ietf.org/wg/httpbis/trac/wiki/HttpAuthProposals>
>>
>> As communicated in Paris, the deadline for proposals is 15 June, 2012. It's
>fine if your proposal isn't complete, but we do need to have a  good sense of
>it by then, for discussion.
>>
>> Regards,
>>
>> --
>> Mark Nottingham   http://www.mnot.net/
>>
>>
>>
>>
>
>--
>Mark Nottingham   http://www.mnot.net/
>
>
>

Received on Thursday, 3 May 2012 10:38:12 UTC