Session Continuation at WebSec

Hi all

Last IETF at the http-auth BoF, some people said that the real issue we should tackle was managing sessions in HTTP and binding them to authentication.

Nicolas Williams has edited a Problem Statement and Requirements document ([1]) for a design team that also included Phillip Hallam-Baker, Yaron Sheffer, and Paul Leach.

The idea is to make a better way of binding requests together for a long-lived session, which may or may not be bound to an authenticated identity. This is to augment or replace the current practice of using cookies to continue sessions.

For discussing this draft, please join & post to the WebSec mailing list ([2]). This message is just a heads-up for the subscribers of this list, who may be interested in the subject.

And now, back to your regularly scheduled programming…

Yoav

[1] http://tools.ietf.org/html/draft-williams-websec-session-continue-prob-00
[2] https://www.ietf.org/mailman/listinfo/websec

Received on Monday, 14 January 2013 16:53:25 UTC