- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Thu, 09 Jun 2011 16:40:50 +0200
- To: http-auth@ietf.org, y.oiwa@aist.go.jp
- CC: public-identity@w3.org, websec@ietf.org, saag@ietf.org, Sean Turner <turners@ieca.com>
On 2011-06-09 16:31, Yutaka OIWA wrote: > ... > password stealing, session hijack, and phishing. Currently, the HTTP > core protocol only provides basic plaintext password authentication > and MD5-based hashed password authentication, both of which are > ... That's kind of misleading; the core HTTP protocol doesn't define any concrete authentication schemes at all; it just offers a framework (header fields, status codes etc). > ... > Both BoF and possible future working group expect well coordination > with W3C's effort on the related topics. It shall also be in > coordination with related IETF working groups, including websec, abfab > and oauth. > ... I believe you need to add HTTPbis. Best regards, Julian
Received on Thursday, 9 June 2011 14:41:31 UTC