Re: Beyond HTTP Authentication: OAuth, OpenID, and BrowserID: Meeting on March 29th at IETF83 from Anders Rundgren on 2012-03-20 (public-identity@w3.org from March 2012)

From: Anders Rundgren <anders.rundgren@telia.com>
Date: Tue, 20 Mar 2012 06:22:43 +0100
To: Harry Halpin <hhalpin@w3.org>
CC: "public-identity@w3.org" <public-identity@w3.org>
Message-ID: <4F681423.1020700@telia.com>

On 2012-03-19 23:03, Harry Halpin wrote:

I won't make it to IETF 83.   Here comes a short presentation
on how I envision that keys will be dealt with in the future:

http://openkeystore.googlecode.com/svn/trunk/resources/docs/tee-se-combo.pdf

There is a Reference Implementation as well:
http://code.google.com/p/openkeystore/source/browse/trunk/library/src/org/webpki/sks/twolayer/se/SEReferenceImplementation.java
http://code.google.com/p/openkeystore/source/browse/trunk/library/src/org/webpki/sks/twolayer/tee/TEEReferenceImplementation.java

thanx,
Anders Rundgren
http://webpki.org/auth-token-4-the-cloud.html

> Not sure how many people are making it to IETF83, but W3C is hosting an 
> onsite meeting on Thursday to discuss OAuth, BrowserID, OpenID, and the 
> upcoming W3C Web Cryptography Working Group. Everyone is invited!
> 
> ==Beyond HTTP Authentication: OAuth, OpenID, and BrowserID==
> 
> =Time and Location=
> 
> Thursday lunchtime (1130 to 1300) in room 252A just between the SCIM BoF 
> and OAuth WG as part of IETF83 in Paris.
> 
> = Problem Statement=
> 
> While OAuth has solved the authorization problem, currently 
> authentication on the Web is still insecure as it has yet for the most 
> part failed to go beyond user-names and passwords. However, at this 
> point a number of new client-side capabilities, including the 
> possibility of W3C standardized Javascript cryptographic primitives, are 
> emerging and a number of specifications such as OpenID Connect, 
> BrowserID, and discussions over the future of HTTP Auth have shown that 
> there is interest in understanding better how client-side key material 
> can be used to enable a more secure Web authentication. However, there 
> has yet to be consensus on how client-side cryptography can enable 
> higher-security OAuth flows. The purpose of this side meeting is to look 
> at a more coherent picture of how technologies in the space of identity, 
> authentication, and authorization combine and interact and to help frame 
> future work in Web authentication.
> 
> This informal meeting will present a number of proposed technical 
> proposals in brief, including relationships to other existing work (such 
> as RTCWeb and the upcoming W3C Web Cryptography Working Group), and to 
> help frame future work in the area.and then precede with open discussion.
> 
> For any questions, please contact Harry Halpin (hhalpin@w3.org)
> 
> =Schedule:=
> 
> 11:30-11:45 Lightning presentations to "level-set" participants.
> 
> Mike Jones (Microsoft) will present the latest work from JOSE and OpenID 
> Connect
> Eric Rescorla (Mozilla hat on) will present Mozilla Persona and 
> RTCWeb/WebRTC work
> Blaine Cook will present OAuth 2.0
> Harry Halpin (W3C) will present the upcoming W3C Web Cryptography API.
> 
> 11:45-13:00 Open discussion on co-ordination between OAuth, HTTP Auth, 
> OpenID Connect, BrowserID, and W3C.
> 
>

Received on Tuesday, 20 March 2012 05:23:14 UTC