browser id, openid, and oauth are all authentication frameworks built
on top of HTTP
OAuth is an authorization framework, not an authentication one. Please be careful to make the distinction.
What we're looking at here is the need for an HTTP authentication system that (for example) doesn't send reusable credentials, is less susceptible to spoofing attacks, and so on.
Barry
_______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf