On Mar 1, 2012, at 10:01 AM, Nick Hilliard wrote: > Can I suggest you also include authorization capabilities as a core > component of this. It's not much use to have people able to authenticate > themselves to a system if that system doesn't also provide a framework for > allowing the server-side application decide what they can or cannot do. This is a request for an HTTP capability that is significantly different than what has been proposed before, and has not been one of the items that caused problems in HTTP 1.x. I suggest that this not be part of the charter for httpbis until it can be shown to be a significant need, not just a new idea. --Paul Hoffman _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf