- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Wed, 22 Feb 2012 09:39:33 +0100
- To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>, "iesg@ietf.org" <iesg@ietf.org>, IETF-Discussion <ietf@ietf.org>
- CC: David Morris <dwm@xpasc.com>
On 2012-02-22 08:04, David Morris wrote: > > > On Tue, 21 Feb 2012, Michael Richardson wrote: > >> >>>>>>> "Barry" == Barry Leiba<barryleiba@computer.org> writes: >> Barry> OAuth is an authorization framework, not an authentication >> Barry> one. Please be careful to make the distinction. >> >> Barry> What we're looking at here is the need for an HTTP >> Barry> authentication system that (for example) doesn't send >> Barry> reusable credentials, is less susceptible to spoofing >> Barry> attacks, and so on. >> >> and is implemented in HTTP, not in terms of HTML forms, yet has all the >> flexibility of the HTML form method? > > And includes the ability for the user to logoff / the server reset the > login? Is that a protocol problem or a user agent problem? -- > <http://lists.w3.org/Archives/Public/www-archive/2012Jan/0023.html> Best regards, Julian
Received on Wednesday, 22 February 2012 08:40:10 UTC