W3C home > Mailing lists > Public > public-web-security@w3.org > December 2009

Re: HTTP Mutual-auth proposal status / HTTP AUTH meet-up in Anaheim?

From: =JeffH <Jeff.Hodges@KingsMountain.com>
Date: Mon, 28 Dec 2009 16:22:44 -0800
Message-ID: <4B394BD4.3020104@KingsMountain.com>
To: apps-discuss@ietf.org, public-web-security@w3.org
CC: ietf-http-wg@w3.org, ietf-http-auth@osafoundation.org
[ I am replying to all lists because the info wrt on-going HTTP authn work in 
the IETF OAuth WG may not as yet be widely known; otherwise, apologies for 
cross-posting ]


Thanks for sending out this announcement regarding your on-going work. Having a 
meetup of one form or another to discuss HTTP authentication will be useful.

In regards of the working-group context though, I note that the feedback given 
on your presentation at IETF-74 in SF was that it was likely that the 
appropriate place to discuss this work would be the to-be-formed OAuth WG...

from: http://www.ietf.org/proceedings/74/minutes/httpbis.txt:
 > Mutual Authentication was covered with some questions from the audience. It
 > was pointed out that it may be most appropriate to take this work to the
 > to-be-formed OAuth WG, since it now appears that they're designing a
 > "two-legged" (i.e., normal client/server) HTTP authentication mechanism as
 > well.

Indeed, the OAuth WG has now formed 
<http://www.ietf.org/dyn/wg/charter/oauth-charter.html> and its charter has 
this note down towards the end..

 > The Working Group will also define a generally applicable
 > HTTP authentication mechanism (i.e., browser-based "2-leg"
 > scenerio).

So I respectfully suggest re-sending your message to <oauth@ietf.org> and 
taking discussion there -- and for those interested folks to subscribe to 

Hope this helps,

Received on Tuesday, 29 December 2009 00:23:01 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:09:23 UTC