Hi all In Vancouver, the httpbis working group declined to adopt any of the proposed authentication schemes.
In the coming IETF meeting, the security area is going to have a BoF with the intention of forming a working group to create a bunch of experimental RFCs for new authentication methods in HTTP. There are quite a few proposed methods. Follow this URL to see a list: http://trac.tools.ietf.org/wg/httpbis/trac/wiki/HttpAuthProposals If you are interested in this topic, we'd be happy to see you in the BoF. One thing that I think is missing from the discussion is the UI implications of authentication at the HTTP layer. It has been suggested that UI issues are the reason for the relatively sparse deployment of HTTP layer authentication, but I don't think the current discussion has been informed by UI experts who could tell us what future authentication methods should do in terms of UI to gain meaningful deployment. If you or someone you know has such expertise and would be willing to speak at the Atlanta BoF, please contact Derek Atkins and me offline. Yoav (with BoF chair hat on) _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
