- From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
- Date: Tue, 20 Mar 2012 09:53:14 +0200
- To: Anders Rundgren <anders.rundgren@telia.com>
- Cc: Hannes Tschofenig <hannes.tschofenig@gmx.net>, Harry Halpin <hhalpin@w3.org>, "public-identity@w3.org" <public-identity@w3.org>
Hi Anders, I believe that these topics will be discussed and investigated in the W3C Web Cryptography Working Group. Wouldn't you think so? Ciao Hannes On Mar 20, 2012, at 7:22 AM, Anders Rundgren wrote: > On 2012-03-19 23:03, Harry Halpin wrote: > > I won't make it to IETF 83. Here comes a short presentation > on how I envision that keys will be dealt with in the future: > > http://openkeystore.googlecode.com/svn/trunk/resources/docs/tee-se-combo.pdf > > There is a Reference Implementation as well: > http://code.google.com/p/openkeystore/source/browse/trunk/library/src/org/webpki/sks/twolayer/se/SEReferenceImplementation.java > http://code.google.com/p/openkeystore/source/browse/trunk/library/src/org/webpki/sks/twolayer/tee/TEEReferenceImplementation.java > > thanx, > Anders Rundgren > http://webpki.org/auth-token-4-the-cloud.html > >> Not sure how many people are making it to IETF83, but W3C is hosting an >> onsite meeting on Thursday to discuss OAuth, BrowserID, OpenID, and the >> upcoming W3C Web Cryptography Working Group. Everyone is invited! >> >> ==Beyond HTTP Authentication: OAuth, OpenID, and BrowserID== >> >> =Time and Location= >> >> Thursday lunchtime (1130 to 1300) in room 252A just between the SCIM BoF >> and OAuth WG as part of IETF83 in Paris. >> >> = Problem Statement= >> >> While OAuth has solved the authorization problem, currently >> authentication on the Web is still insecure as it has yet for the most >> part failed to go beyond user-names and passwords. However, at this >> point a number of new client-side capabilities, including the >> possibility of W3C standardized Javascript cryptographic primitives, are >> emerging and a number of specifications such as OpenID Connect, >> BrowserID, and discussions over the future of HTTP Auth have shown that >> there is interest in understanding better how client-side key material >> can be used to enable a more secure Web authentication. However, there >> has yet to be consensus on how client-side cryptography can enable >> higher-security OAuth flows. The purpose of this side meeting is to look >> at a more coherent picture of how technologies in the space of identity, >> authentication, and authorization combine and interact and to help frame >> future work in Web authentication. >> >> This informal meeting will present a number of proposed technical >> proposals in brief, including relationships to other existing work (such >> as RTCWeb and the upcoming W3C Web Cryptography Working Group), and to >> help frame future work in the area.and then precede with open discussion. >> >> For any questions, please contact Harry Halpin (hhalpin@w3.org) >> >> =Schedule:= >> >> 11:30-11:45 Lightning presentations to "level-set" participants. >> >> Mike Jones (Microsoft) will present the latest work from JOSE and OpenID >> Connect >> Eric Rescorla (Mozilla hat on) will present Mozilla Persona and >> RTCWeb/WebRTC work >> Blaine Cook will present OAuth 2.0 >> Harry Halpin (W3C) will present the upcoming W3C Web Cryptography API. >> >> 11:45-13:00 Open discussion on co-ordination between OAuth, HTTP Auth, >> OpenID Connect, BrowserID, and W3C. >> >> > >
Received on Tuesday, 20 March 2012 07:59:58 UTC