IETF Logo Mail Archive

Re: [apps-discuss] [kitten] [saag] HTTP authentication: the next generation

Eliot Lear <lear@cisco.com> Mon, 13 December 2010 13:44 UTC

Return-Path: <lear@cisco.com>
X-Original-To: apps-discuss@core3.amsl.com
Delivered-To: apps-discuss@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 689453A6E96; Mon, 13 Dec 2010 05:44:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.119
X-Spam-Level:
X-Spam-Status: No, score=-110.119 tagged_above=-999 required=5 tests=[AWL=0.480, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id txPFAo4BN0aO; Mon, 13 Dec 2010 05:44:16 -0800 (PST)
Received: from ams-iport-1.cisco.com (ams-iport-1.cisco.com [144.254.224.140]) by core3.amsl.com (Postfix) with ESMTP id B6EF53A6E8E; Mon, 13 Dec 2010 05:44:15 -0800 (PST)
Authentication-Results: ams-iport-1.cisco.com; dkim=neutral (message not signed) header.i=none
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: ApkEALOxBU2Q/khNgWdsb2JhbACDXKAlFQEBFiIppxWKSZAogSGBcYFEdASKeQ
X-IronPort-AV: E=Sophos;i="4.59,335,1288569600"; d="scan'208";a="71525320"
Received: from ams-core-4.cisco.com ([144.254.72.77]) by ams-iport-1.cisco.com with ESMTP; 13 Dec 2010 13:45:53 +0000
Received: from dhcp-10-61-107-163.cisco.com (dhcp-10-61-107-163.cisco.com [10.61.107.163]) by ams-core-4.cisco.com (8.14.3/8.14.3) with ESMTP id oBDDjqBp005402; Mon, 13 Dec 2010 13:45:52 GMT
Message-ID: <4D06239A.60208@cisco.com>
Date: Mon, 13 Dec 2010 14:46:02 +0100
From: Eliot Lear <lear@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.12) Gecko/20101027 Lightning/1.0b2 Thunderbird/3.1.6
MIME-Version: 1.0
To: Carsten Bormann <cabo@tzi.org>
References: <4D02AF81.6000907@stpeter.im> <p06240809c928635499e8@[10.20.30.150]> <ADDEC353-8DE6-408C-BC75-A50B795E2F6C@checkpoint.com> <78BD0B98-0F20-478B-85F1-DBB45691EB0D@padl.com> <4D0479E3.4050508@gmail.com> <4D04D7D6.4090105@isode.com> <A23730A9-728B-4533-96D7-0B62496CC98A@checkpoint.com> <4D051731.1020400@isode.com> <4D054041.7010203@cisco.com> <0435D11C-DF55-464D-B23F-F5D114DEE2C3@checkpoint.com> <2229.1292235952.971571@puncture> <4D05FB8F.3070804@qbik.com> <2229.1292239384.281779@puncture> <96517E19-5DC7-47A0-8C21-C710F6F8F772@tzi.org>
In-Reply-To: <96517E19-5DC7-47A0-8C21-C710F6F8F772@tzi.org>
X-Enigmail-Version: 1.1.1
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: General discussion of application-layer protocols <apps-discuss@ietf.org>, websec <websec@ietf.org>, Common Authentication Technologies - Next Generation <kitten@ietf.org>, http-auth@ietf.org, saag@ietf.org, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Subject: Re: [apps-discuss] [kitten] [saag] HTTP authentication: the next generation
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Dec 2010 13:44:17 -0000

On 12/13/10 1:14 PM, Carsten Bormann wrote:
> As a webapp developer, I want to control the user interface during authentication.
> Leaving the user alone with the bland and unforgiving browser user interface for HTTP auth is suicide.
> I want to provide extra buttons for forgotten passwords, maybe even password hints, and a "sign up" method.
> HTML/CSS/JS lends itself well to providing such a friendly user interface.

On the other hand, that's what you have today.  What is it you want for
tomorrow?

Eliot

v2.23.0 | Report a Bug | By Email