Re: Beyond HTTP Authentication: OAuth, OpenID, and BrowserID: Meeting on March 29th at IETF83

On 03/20/2012 06:22 AM, Anders Rundgren wrote:
> On 2012-03-19 23:03, Harry Halpin wrote:
>
> I won't make it to IETF 83. Here comes a short presentation
> on how I envision that keys will be dealt with in the future:
>
> http://openkeystore.googlecode.com/svn/trunk/resources/docs/tee-se-combo.pdf
>
> There is a Reference Implementation as well:
> http://code.google.com/p/openkeystore/source/browse/trunk/library/src/org/webpki/sks/twolayer/se/SEReferenceImplementation.java
> http://code.google.com/p/openkeystore/source/browse/trunk/library/src/org/webpki/sks/twolayer/tee/TEEReferenceImplementation.java
>

Thanks Anders, I'll give this a look over before the meeting!

> thanx,
> Anders Rundgren
> http://webpki.org/auth-token-4-the-cloud.html
>
>> Not sure how many people are making it to IETF83, but W3C is hosting an
>> onsite meeting on Thursday to discuss OAuth, BrowserID, OpenID, and the
>> upcoming W3C Web Cryptography Working Group. Everyone is invited!
>>
>> ==Beyond HTTP Authentication: OAuth, OpenID, and BrowserID==
>>
>> =Time and Location=
>>
>> Thursday lunchtime (1130 to 1300) in room 252A just between the SCIM BoF
>> and OAuth WG as part of IETF83 in Paris.
>>
>> =Problem Statement=
>>
>> While OAuth has solved the authorization problem, currently
>> authentication on the Web is still insecure as it has yet for the most
>> part failed to go beyond user-names and passwords. However, at this
>> point a number of new client-side capabilities, including the
>> possibility of W3C standardized JavaScript cryptographic primitives, are
>> emerging and a number of specifications such as OpenID Connect,
>> BrowserID, and discussions over the future of HTTP Auth have shown that
>> there is interest in understanding better how client-side key material
>> can be used to enable a more secure Web authentication. However, there
>> has yet to be consensus on how client-side cryptography can enable
>> higher-security OAuth flows. The purpose of this side meeting is to look
>> at a more coherent picture of how technologies in the space of identity,
>> authentication, and authorization combine and interact and to help frame
>> future work in Web authentication.
>>
>> This informal meeting will present a number of proposed technical
>> proposals in brief, including relationships to other existing work (such
>> as RTCWeb and the upcoming W3C Web Cryptography Working Group), and to
>> help frame future work in the area, and then proceed with open discussion.
>>
>> For any questions, please contact Harry Halpin (hhalpin@w3.org)
>>
>> =Schedule:=
>>
>> 11:30-11:45 Lightning presentations to "level-set" participants.
>>
>> Mike Jones (Microsoft) will present the latest work from JOSE and OpenID
>> Connect
>> Eric Rescorla (Mozilla hat on) will present Mozilla Persona and
>> RTCWeb/WebRTC work
>> Blaine Cook will present OAuth 2.0
>> Harry Halpin (W3C) will present the upcoming W3C Web Cryptography API.
>>
>> 11:45-13:00 Open discussion on co-ordination between OAuth, HTTP Auth,
>> OpenID Connect, BrowserID, and W3C.
>>
>>

Received on Tuesday, 20 March 2012 12:49:20 UTC