The main substantive query that seemed to be raised in the meeting was what we are going to call this session continuation thing. I am not that worried about confusion with HTTP-Auth. Folk who know, know.
But one of the objectives here is to replace cookies. So choosing a name that positions the spec as a successor to authentication cookies is actually quite important. How about Session Bound State as the term of art? -- Website: http://hallambaker.com/ _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
