- From: Harry Halpin <hhalpin@w3.org>
- Date: Tue, 17 Dec 2013 23:26:29 +0100
- To: "public-web-security@w3.org" <public-web-security@w3.org>
The IETF has a working group charter they are working on in this space,
but W3C help could probably be used in terms of assuring implementation.
As for myself, while I realize that a browser chrome-based login or
standardized pop-up ala HTTPAuth will likely never be used by most
sites, something like that for high-security sites should work (and of
course, w3.org!).
On the protocol level, I really prefer just good old-fashioned SRP
(Secure Remote Password) simply because that is what I've used in past
implementation work, but I understand the field has moved on a bit. Can
anyone provide a brief summary of what is state of the art in Auth
beyond SRP [1]?
cheers,
harry
[1] http://srp.stanford.edu/
Received on Tuesday, 17 December 2013 22:26:38 UTC