the host-meta facility is something that may be of use for various aspects of
web (app) security...
------- Forwarded Message
Subject: host-meta approved as RFC
From: Eran Hammer-Lahav <[email protected]>
Date: Mon, 19 Sep 2011 11:10:54 -0700 (PDT)
To: [email protected]
Just a quick update to anyone still keeping track of this work. The
host-meta spec has been approved as RFC and will move to the RFC editor
shortly. The spec is final and will be published as an IETF Proposed
Standard.
If you haven't been following it for the past year, the two major changes
are:
* Simplification of the HTTP vs HTTPS prose, moving the decision to the
application using it. IOW, if you are using it for security or identity
services, you should require HTTPS or some form of signatures.
* JSON-based format (JRD) with full support for all XRD features and
host-meta priority-based processing.
I would highly recommend that if you are deploying any new host-meta
facilities, that you support the host-meta.json resource and look for it
first when parsing.
EHL
------- End of Forwarded Message
_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
