[ no hat ] On 3/1/12 11:01 AM, Nick Hilliard wrote: > On 01/03/2012 17:50, Peter Saint-Andre wrote: >> Stephen and I just had a chat about this matter. He and I came up with a >> proposed paragraph to add after that list of bullet points: >> >> In the initial phase of work on HTTP/2.0, new proposals >> for authentication schemes can be made. The WG will >> select zero or more of those with a goal of choosing >> at least one scheme that is better than those available >> for HTTP/1.x. Non-selected schemes might be discussed >> with the IETF Security Area for further work there. >> >> Your comments are welcome. > > Can I suggest you also include authorization capabilities as a core > component of this. It's not much use to have people able to authenticate > themselves to a system if that system doesn't also provide a framework for > allowing the server-side application decide what they can or cannot do. Feel free to include that in your proposal. :) Peter -- Peter Saint-Andre https://stpeter.im/ _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf