- From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Date: Tue, 21 Feb 2012 22:19:28 +0000
- To: Julian Reschke <julian.reschke@gmx.de>
- CC: mnot@mnot.net, IETF-Discussion <ietf@ietf.org>, iesg@ietf.org, ietf-http-wg@w3.org
Hi Julian, On 02/21/2012 06:50 PM, Julian Reschke wrote: > On 2012-02-21 19:37, Stephen Farrell wrote: >> ... >>> I believe this should be orthogonal to HTTP/2.0. Is there a specific >>> thing that makes it impossible to use the existing authentication >>> framework? >> >> Who knows? We don't have a protocol on the table yet. I >> would imagine that some level of backwards compatibility >> would be a requirement of course, or at least an issue to >> be considered. >> >> But the existing HTTP client authentication is also not >> necessarily very useful, and there have been a number of >> efforts to improve on that, none of which seem to have >> gotten sufficient traction to get widely deployed/used. >> Maybe HTTP/2.0 is a good time to try fix that. > > Well, we have an existing authentication framework. It would be > interesting to find out what's missing from it. Fair point. I would wonder whether that framework could be used as-is if HTTP/2.0 does do away "with the of HTTP/1.x message framing and syntax" but I guess some equivalent functionality could be defined in that case. So as in my initial mail the 1st question here is, what does "modern" mean in this draft charter? E.g. does it mean "same as the current framework with different bits" or something else? If so, what? And then should it include adding some new options or MTI auth schemes as part of HTTP/2.0 or even looking at that? (I think it ought to include trying for that personally, even if there is a higher-than-usual risk of failure.) S
Received on Tuesday, 21 February 2012 22:19:54 UTC