- From: Mark Nottingham <mnot@mnot.net>
- Date: Wed, 25 Nov 2009 15:32:18 +1100
- To: public-ietf-w3c <public-ietf-w3c@w3.org>
FYI.

Begin forwarded message:

> From: IESG Secretary <iesg-secretary@ietf.org>
> Date: 25 November 2009 5:00:02 AM AEDT
> To: ietf-announce@ietf.org
> Cc: http-state@ietf.org
> Subject: [http-state] WG Review: HTTP State Management Mechanism (httpstate)
> Reply-To: iesg@ietf.org
>
> A new IETF working group has been proposed in the Applications Area. The
> IESG has not made any determination as yet. The following draft charter
> was submitted, and is provided for informational purposes only. Please
> send your comments to the IESG mailing list (iesg@ietf.org) by Tuesday,
> December 1, 2009.
>
> HTTP State Management Mechanism (httpstate)
> ---------------------------------------------------
> Current Status: Proposed Working Group
> Last modified: 2009-11-11
>
> Chair(s):
> TBD
>
> Applications Area Director(s):
> Lisa Dusseault <lisa.dusseault@gmail.com>
> Alexey Melnikov <alexey.melnikov@isode.com>
>
> Applications Area Advisor:
> Lisa Dusseault <lisa.dusseault@gmail.com>
>
> Mailing Lists:
> General Discussion: http-state@ietf.org
> To Subscribe: https://www.ietf.org/mailman/listinfo/http-state
> Archive: http://www.ietf.org/mail-archive/web/http-state/current/maillist.html
> Alternative Archive: http://groups.google.com/group/http-state
>
> Description of Working Group:
>
> The HTTP State Management Mechanism (aka Cookies) was originally
> created by Netscape Communications in their informal Netscape cookie
> specification ("cookie_spec.html"), from which formal specifications
> RFC 2109 and RFC 2965 evolved. The formal specifications, however,
> were never fully implemented in practice; RFC 2109, in addition to
> cookie_spec.html, more closely resemble real-world implementations than
> RFC 2965, even though RFC 2965 officially obsoletes the former.
> Compounding the problem are undocumented features (such as HTTPOnly),
> and varying behaviors among real-world implementations.
>
> The working group will create a new RFC that obsoletes RFC 2109 and
> specifies Cookies as they are actually used in existing implementations
> and deployments. Where differences exist among the most commonly used
> implementations, the working group will document the variations. Where
> consensus exists among the most commonly used implementations, the
> working group will specify the consensus behavior.
>
> The working group must not introduce any new syntax or new semantics
> not already in common use.
>
> The working group's specific deliverables are:
>
> * A standards-track document that is suitable to supersede RFC 2109
>   (likely based on draft-abarth-cookie)
> * An informational document cataloguing the differences between major
>   implementations
>
> In doing so, the working group should consider:
>
> * cookie_spec.html - Netscape Cookie Specification
>   http://web.archive.org/web/20070805052634/http://wp.netscape.com/newsref/std/cookie_spec.html
> * RFC 2109 - HTTP State Management Mechanism (Obsoleted by RFC 2965)
>   http://tools.ietf.org/html/rfc2109
> * RFC 2964 - Use of HTTP State Management
>   http://tools.ietf.org/html/rfc2964
> * RFC 2965 - HTTP State Management Mechanism (Obsoletes RFC 2109)
>   http://tools.ietf.org/html/rfc2965
> * I-D - HTTP State Management Mechanism v2
>   http://tools.ietf.org/html/draft-pettersen-cookie-v2
> * I-D - Cookie-based HTTP Authentication
>   http://tools.ietf.org/html/draft-broyer-http-cookie-auth
> * Widely Implemented - HTTPOnly
>   http://www.owasp.org/index.php/HTTPOnly
> * Browser Security Handbook - Cookies
>   http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies
> * HTTP Cookies: Standards, Privacy, and Politics by David M. Kristol
>   http://arxiv.org/PS_cache/cs/pdf/0105/0105018v1.pdf
>
> Goals and Milestones:
>
> Jan 2010 - Feature-complete Internet-Draft of Cookie specification
> Mar 2010 - Feature-complete test suite of Cookie specification
> May 2010 - First fully conforming implementation in a major browser
> Jul 2010 - Last Call for Cookie specification
> Sep 2010 - Second fully conforming implementation in a major browser
> Nov 2010 - Submit Cookie specification to IESG for consideration as
>            a Draft Standard
> Nov 2010 - Submit deviation description to IESG for consideration as
>            Informational
> _______________________________________________
> http-state mailing list
> http-state@ietf.org
> https://www.ietf.org/mailman/listinfo/http-state

--
Mark Nottingham
http://www.mnot.net/
Received on Wednesday, 25 November 2009 04:32:51 UTC