- From: Thomas Broyer <t.broyer@ltgt.net>
- Date: Mon, 5 Jan 2009 01:25:13 +0100
- To: ietf-http-auth@osafoundation.org
- Cc: ietf-http-wg@w3.org, public-html <public-html@w3.org>, whatwg@whatwg.org
Hi all, As I previously said, I spent some holiday time to put my thoughts about "RFC2617-compliant cookie-based authentication" into an Internet Draft. Today is my birthday (and the last day of my holidays) so I thought I should do something special. I therefore submitted version 00 of my work ("release early, release often" they said). As written in the draft, discussion should go to the ietf-http-auth list (if it happened to not be the appropriate list, please tell me so I can fix it in the next version). The Security Considerations section is not yet complete but for this 00 draft I though the overall authentication process was the most important (have a look at the examples too). Thanks in advance for your feedback. (My intent is to publish some kind of "reference implementations" and "proof of concepts" in various languages later in my mercurial repository http://broyer.info/hg/http-cookie-auth/ but if you'd like to contribute now, just send me your code!) ---------- Forwarded message ---------- From: IETF I-D Submission Tool <idsubmission@ietf.org> Date: Mon, Jan 5, 2009 at 1:15 AM Subject: New Version Notification for draft-broyer-http-cookie-auth-00 To: t.broyer@ltgt.net A new version of I-D, draft-broyer-http-cookie-auth-00.txt has been successfuly submitted by Thomas Broyer and posted to the IETF repository. Filename: draft-broyer-http-cookie-auth Revision: 00 Title: Cookie-based HTTP Authentication Creation_date: 2009-01-04 WG ID: Independent Submission Number_of_pages: 11 Abstract: This document specifies an HTTP authentication scheme for use when credentials are validated by an out-of-band mechanism (not defined here) and later communicated to the server through the use of a cookie. Which out-of-band mechanism should be used, and how, is described by the 401 (Unauthorized) response body. It is common practice that this mechanism is an HTML form, sending the user's credentials with the use of an HTTP POST request to a tier URL which will set a cookie in response; though this document doesn't preclude the use of other mechanisms. The IETF Secretariat. -- Thomas Broyer
Received on Monday, 5 January 2009 00:25:50 UTC