On 01/03/2012 17:50, Peter Saint-Andre wrote: > Stephen and I just had a chat about this matter. He and I came up with a > proposed paragraph to add after that list of bullet points: > > In the initial phase of work on HTTP/2.0, new proposals > for authentication schemes can be made. The WG will > select zero or more of those with a goal of choosing > at least one scheme that is better than those available > for HTTP/1.x. Non-selected schemes might be discussed > with the IETF Security Area for further work there. > > Your comments are welcome. Can I suggest you also include authorization capabilities as a core component of this. It's not much use to have people able to authenticate themselves to a system if that system doesn't also provide a framework for allowing the server-side application decide what they can or cannot do. Nick _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf