[http-auth] drafty http-auth wg charter
Sean Turner <turners@ieca.com> Thu, 13 September 2012 19:28 UTC

I'm glad to see there's some interest in an http-auth BOF. With the deadlines fast approaching, I'd like to jump start the charter discussions by providing a drafty wg charter. Feel free to use this or not.

spt

--------

HTTP authentication [ref] is currently used for user authentication by some web sites. While form-based user authentication is currently much more commonly used, there is utility in providing better documentation for existing HTTP user authentication schemes that are in use, and for documenting experimental HTTP user authentication schemes that might offer security benefits for future uses.

The httpbis WG recently issued a call for proposals [ref] for HTTP authentication schemes as part of its work in further developing HTTP, including work on HTTP/2.0. While a number of proposals were made, [ref] there is at present no consensus to adopt any of those as standards-track work items within the httpbis WG.

The http-auth WG will develop a set of informational or experimental RFCs for HTTP user authentication schemes that could, following experimentation, be widely adopted as standards-track schemes for HTTP user authentication.

All schemes to be developed in the http-auth WG must be usable with the existing HTTP authentication framework, [ref] or with evolutions of that framework as developed in the httpbis WG. That is, the evolution of the HTTP authentication framework is to be done in the httpbis WG and not in the http-auth WG. However, the http-auth WG may document requirements for changes or additions to the HTTP authentication framework and any schemes developed in the http-auth WG that would benefit from such changes or additions to the HTTP authentication framework must document those changes or additions as an inherent part of their specifications. Any such schemes must however also be usable with the existing unmodified HTTP authentication framework.

The http-auth WG will work closely with the httpbis and tls WGs and the <<whatever>> WGs in W3C to ensure that the outcomes from the http-auth WG do not conflict with work done elsewhere.

The initial list of work items will be:

- <<the subset of the set of schemes that were proposed to the httpbis WG [ref] that survive the BoF>>

Adoption of additional work items will require a re-charter.

The following are out of scope:

- changes to HTTP
- changes to TLS
- definition of authentication mechanisms that do not work with the current HTTP authentication framework
- authentication of devices or components of web services (??) <<not sure about this bit, we don't want to boil any oceans, but maybe "just web sites" is too limiting?>>

Milestones:

- <<entirely dependent on the list of survivors>>