Re: WG Review: Recharter of Hypertext Transfer Protocol Bis (httpbis) from Barry Leiba on 2012-02-21 (ietf-http-wg@w3.org from January to March 2012)

From: Barry Leiba <barryleiba@computer.org>
Date: Tue, 21 Feb 2012 17:36:11 -0500
To: Robert Collins <robertc@squid-cache.org>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "iesg@ietf.org" <iesg@ietf.org>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>, IETF-Discussion <ietf@ietf.org>
Message-ID: <CAC4RtVB==09BD79S2wesGuZtbsNy3NCwQzKvHUTKNZPG0Br1Gg@mail.gmail.com>

>
> browser id, openid, and oauth are all authentication frameworks built
> on top of HTTP
>

OAuth is an authorization framework, not an authentication one.  Please be
careful to make the distinction.

What we're looking at here is the need for an HTTP authentication system
that (for example) doesn't send reusable credentials, is less susceptible
to spoofing attacks, and so on.

Barry

Received on Tuesday, 21 February 2012 22:36:38 UTC