- From: Paul Hoffman <paul.hoffman@vpnc.org>
- Date: Fri, 24 Feb 2012 07:02:38 -0800
- To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Cc: The IESG <iesg@ietf.org>, ietf-http-wg@w3.org, IETF-Discussion Discussion <ietf@ietf.org>
On Feb 24, 2012, at 4:54 AM, Stephen Farrell wrote: >> "Proposals for new HTTP authentication schemes are in scope." > > How would a plan like the following look to folks: > > - httpbis is chartered to include auth mechanism work as > per the above (or whatever text goes into the charter) > - that'll generate a slew of proposals, some good, some > bad, some better-than-current and some too complex > - plan is for httpbis to pick something (one or more if > they want, but one better-than-current one is the goal) > - give all the above a short timeframe (this year, pick > which to work on at the same time as re-chartering for > the details of HTTP/2.0 maybe) > - httpbis pick what they want, (zero or more) and go > do their stuff > > - if there's still enough interest in some proposals > that were not picked by httpbis we then try charter a sec > area wg to develop experimental specs for those so > they're off the critical path for httpbis (the rest die > unloved;-) > - those experimental specs would be REQUIRED to work with > http/1.1 and/or http/2.0 (as appropriate) with no change > required to http; that'd be in the charter for that > putative sec wg > - that sec wg charter might also say that the putative > wg is not allowed to add new schemes until the > originally chartered ones are completed (to avoid > people turning up every week with their shiny new > scheme) > > Might that be a way forward that'll give enough folks > enough of what they want/need? It would, but I would like to give a counter-proposal that I think will use people's different talents better: - new wg on developing http authentication mechanisms is chartered soon (BoF in Paris); call it the ham wg - httpbis is chartered to follow the work of the ham wg and is required to make sure that the authentication framework in http 2.0 works for as many of the proposals from the ham wg as possible - ham wg is responsible for most of what you list above - http2.0 document says "the mandatory to implement auth mechanisms are named in that RFC over there", which comes from the ham wg There will be overlap in wg membership, but not nearly as much as would be needed for your proposal. --Paul Hoffman
Received on Friday, 24 February 2012 15:03:21 UTC