On 2/22/12 10:31 AM, Paul Hoffman wrote: > The earnest calls for better authentication on this thread appear to > ignore the fact that the very things that are being requested were > put out of scope for the websec WG in their charter. I hope that no > one things that a WG in the Applications Area will be better equipped > to come up with a better authentication mechanism than one in the > Security Area. The WebSec WG is in the Applications Area. > Asking the HTTPheads to guess what the securityheads might want is > not a good way to design HTTP 2.0. Probably not. > Proposal: leave the httpbis WG charter as-is and re-charter the > websec WG to consider what is needed in the HTTP authentication > model. Later, recharter the websec WG to, you know, actually do the > security work for authentication. Or charter a separate WG to focus on HTTP authentication. (You might recall that the BoF leading to formation of the WebSec WG was entitled HASMAT = "HTTP Application Security Minus Authentication and Transport" or somesuch.) Peter -- Peter Saint-Andre https://stpeter.im/ _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf