- From: Francisco Corella <fcorella@pomcor.com>
- Date: Mon, 19 Mar 2012 20:33:18 -0700 (PDT)
- To: Harry Halpin <hhalpin@w3.org>, "http-auth@ietf.org" <http-auth@ietf.org>, "public-identity@w3.org" <public-identity@w3.org>, "dev-identity@lists.mozilla.org" <dev-identity@lists.mozilla.org>
- Cc: Karen Lewison <kplewison@pomcor.com>
- Message-ID: <1332214398.39729.YahooMailNeo@web125502.mail.ne1.yahoo.com>
Harry, Are you still planning on organizing a workshop on the use of certificates for user authentication on the Web? You've said a couple of times that you wanted to have one this spring. Francisco >________________________________ > From: Harry Halpin <hhalpin@w3.org> >To: "http-auth@ietf.org" <http-auth@ietf.org>; "public-identity@w3.org" <public-identity@w3.org>; dev-identity@lists.mozilla.org >Sent: Monday, March 19, 2012 3:03 PM >Subject: Beyond HTTP Authentication: OAuth, OpenID, and BrowserID: Meeting on March 29th at IETF83 > >Not sure how many people are making it to IETF83, but W3C is hosting an onsite meeting on Thursday to discuss OAuth, BrowserID, OpenID, and the upcoming W3C Web Cryptography Working Group. Everyone is invited! > >==Beyond HTTP Authentication: OAuth, OpenID, and BrowserID== > >=Time and Location= > >Thursday lunchtime (1130 to 1300) in room 252A just between the SCIM BoF and OAuth WG as part of IETF83 in Paris. > >= Problem Statement= > >While OAuth has solved the authorization problem, currently authentication on the Web is still insecure as it has yet for the most part failed to go beyond user-names and passwords. However, at this point a number of new client-side capabilities, including the possibility of W3C standardized Javascript cryptographic primitives, are emerging and a number of specifications such as OpenID Connect, BrowserID, and discussions over the future of HTTP Auth have shown that there is interest in understanding better how client-side key material can be used to enable a more secure Web authentication. However, there has yet to be consensus on how client-side cryptography can enable higher-security OAuth flows. The purpose of this side meeting is to look at a more coherent picture of how technologies in the space of identity, authentication, and authorization combine and interact and to help frame future work in Web authentication. > >This informal meeting will present a number of proposed technical proposals in brief, including relationships to other existing work (such as RTCWeb and the upcoming W3C Web Cryptography Working Group), and to help frame future work in the area.and then precede with open discussion. > >For any questions, please contact Harry Halpin (hhalpin@w3.org) > >=Schedule:= > >11:30-11:45 Lightning presentations to "level-set" participants. > >Mike Jones (Microsoft) will present the latest work from JOSE and OpenID Connect >Eric Rescorla (Mozilla hat on) will present Mozilla Persona and RTCWeb/WebRTC work >Blaine Cook will present OAuth 2.0 >Harry Halpin (W3C) will present the upcoming W3C Web Cryptography API. > >11:45-13:00 Open discussion on co-ordination between OAuth, HTTP Auth, OpenID Connect, BrowserID, and W3C. > > > >
Received on Tuesday, 20 March 2012 03:33:48 UTC