- From: Peter Saint-Andre <stpeter@stpeter.im>
- Date: Thu, 01 Mar 2012 11:43:47 -0700
- To: Nick Hilliard <nick@inex.ie>
- CC: iesg@ietf.org, mnot@mnot.net, ietf-http-wg@w3.org, IETF discussion list <ietf@ietf.org>
[ no hat ] On 3/1/12 11:01 AM, Nick Hilliard wrote: > On 01/03/2012 17:50, Peter Saint-Andre wrote: >> Stephen and I just had a chat about this matter. He and I came up with a >> proposed paragraph to add after that list of bullet points: >> >> In the initial phase of work on HTTP/2.0, new proposals >> for authentication schemes can be made. The WG will >> select zero or more of those with a goal of choosing >> at least one scheme that is better than those available >> for HTTP/1.x. Non-selected schemes might be discussed >> with the IETF Security Area for further work there. >> >> Your comments are welcome. > > Can I suggest you also include authorization capabilities as a core > component of this. It's not much use to have people able to authenticate > themselves to a system if that system doesn't also provide a framework for > allowing the server-side application decide what they can or cannot do. Feel free to include that in your proposal. :) Peter -- Peter Saint-Andre https://stpeter.im/
Received on Thursday, 1 March 2012 18:44:19 UTC