- From: Linn, John <jlinn@rsasecurity.com>
- Date: Tue, 8 Aug 2006 10:02:48 -0400
- To: "Thomas Roessler" <tlr@w3.org>, <public-usable-authentication@w3.org>
Re the "Form Annotations for HTTP Authentication" draft charter, would there be interest in generalizing the scope so as also to encompass structural and tagging facilities for authentication-related information sent in the reverse direction, from UAs to servers? This may not be necessary for a usage mode where a server-UA request triggers the UA to initiate a protocol-level HTTP authentication transaction (and where that protocol would likely have its own means to represent parameters), but could serve to discriminate among different protected (e.g., hashed and/or encrypted) credential representations that UAs could transfer within POSTs and to carry their associated parameters. As such, this could provide a useful vehicle to incorporate enhanced capabilities within the common POST-based paradigm. --jl -----Original Message----- From: public-usable-authentication-request@w3.org [mailto:public-usable-authentication-request@w3.org] On Behalf Of Thomas Roessler Sent: Monday, August 07, 2006 12:39 PM To: public-usable-authentication@w3.org Subject: Updated charters, with tentative time line Hello, I've taken another stab at the scope and deliverable sections of the charter drafts, and added tentative time lines to these. http://www.w3.org/2005/Security/wsc-charter http://www.w3.org/2005/Security/htmlauth-charter For the security context information baseline group, I've tried to introduce a clearer partition between the question what to display (and how to do it nicely), and techniques to make that kind of display more robust against spoofing. (Thanks to Jeff Nelson (Google) for his suggestions.) The form annotations project has seen some general clean-up. The time line (identical for both groups at this point) is essentially the usual 3-month heartbeat requirement for public working drafts, with two public WDs before last call. A call for participation is assumed to go out in October, and an initial face-to-face meeting (for both groups; hopefully, we can find a way to co-locate these) is assumed for the week of 13 November. Caveat emptor: Please note that, at this point, these dates are working hypotheses! Comments would, as always, be useful, -- Thomas Roessler, W3C <tlr@w3.org>
Received on Thursday, 10 August 2006 15:31:02 UTC