Re: [Ietf-http-auth] WAE topic/problem scope (was: Stab at grouping of problem (was: Re: [dix] Agenda bashing))
Lisa Dusseault <lisa@osafoundation.org> Fri, 14 July 2006 13:54 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1G1O8B-0007cR-7z; Fri, 14 Jul 2006 09:54:59 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1G1O8A-0007cM-0Z for dix@ietf.org; Fri, 14 Jul 2006 09:54:58 -0400
Received: from laweleka.osafoundation.org ([204.152.186.98]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1G1O88-0000vL-Ie for dix@ietf.org; Fri, 14 Jul 2006 09:54:57 -0400
Received: from [132.219.12.252] (unknown [132.219.12.252]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by laweleka.osafoundation.org (Postfix) with ESMTP id 804D614229F; Fri, 14 Jul 2006 06:54:55 -0700 (PDT)
In-Reply-To: <44B716B6.4080702@neustar.biz>
References: <FB325DF2-432E-4B98-B9D4-3B096008BEE8@sxip.com> <44B716B6.4080702@neustar.biz>
Mime-Version: 1.0 (Apple Message framework v750)
Content-Type: text/plain; charset="US-ASCII"; delsp="yes"; format="flowed"
Message-Id: <1B2E5A32-4DFE-43E7-8A33-53D90322939B@osafoundation.org>
Content-Transfer-Encoding: 7bit
From: Lisa Dusseault <lisa@osafoundation.org>
Subject: Re: [Ietf-http-auth] WAE topic/problem scope (was: Stab at grouping of problem (was: Re: [dix] Agenda bashing))
Date: Fri, 14 Jul 2006 09:54:44 -0400
To: Jeff Hodges <Jeff.Hodges@neustar.biz>
X-Mailer: Apple Mail (2.750)
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 31247fb3be228bb596db9127becad0bc
Cc: Digital Identity Exchange <dix@ietf.org>, IETF HTTP Auth <ietf-http-auth@lists.osafoundation.org>
X-BeenThere: dix@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Digital Identity Exchange <dix@ietf.org>
List-Id: Digital Identity Exchange <dix.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/dix>
List-Post: <mailto:dix@ietf.org>
List-Help: <mailto:dix-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/dix>, <mailto:dix-request@ietf.org?subject=subscribe>
Errors-To: dix-bounces@ietf.org
The outcome of WAE could be 0, 1 or more WGs. The conflation in the BoF does not necessarily mean conflation in WG(s). The breakdown is appreciated. Lisa On Jul 13, 2006, at 11:59 PM, Jeff Hodges wrote: > Just to attempt to help clarify, in my understanding WAE was begot > by the conflation of three topic areas.. > > 1. in-protocol authentication (for HTTP) > > e.g. that which is defined within the HTTP spec set itself and is > used by an HTTP client to authn directly with an HTTP server. > Presently > the two available mechanisms are Basic and Digest. There are > use cases, > eg CalDAV, that would ostensibly benefit from a wider range of > in-protocol HTTP authn mechanisms. My understanding is that > this was the > motivation for creating the ietf-http-auth@ list. > > > 2. application-level authentication/SSO and attribute sharing (for > HTTP-based > web-oriented (eg portal-based) apps) > > This is a well-trod area with a plethora of existing solution > approaches > which are deployed to varying extents: SAML web sso profiles, > Liberty > ID-FF, Shib, OpenID, SXIP(/DIX), LID, WS-Federation, RoboForm, > etc. The > primary reason this topic is on the table in this venue is a > perception > that perhaps "more" can be done in order to facilitate wider > and more quick > adoption amongst websites in the wider Internet, eg "the > blogosphere". > This was the motivation for creation of the dix@ list. > > > 3. anti-phishing > > The motivation why this is on the list is obvious. > Effective overall solutions will involve a large component of user > interface (UI) approaches. Some would argue that the UI aspects > are the > first-order ones (and this is not a typical IETF problem > domain). Though > as well as UI, any solutions will likely rely on capabilities/ > properties > obtained from solutions to 1 and/or 2 above, and may require > specific > capabilities/properties that 1 and/or 2 don't otherwise provide. > > > At this point, it isn't clear to me that the WAE BoF represents > just one overall "problem" to solve. Each of these are large > distinct topic areas in their own right, though they do intersect. > It will be a challenge to not short-shrift one or more of them. It > should be an entertaiing discussion. > > > JeffH > > > > > > > > > > > > > _______________________________________________ > Ietf-http-auth mailing list > Ietf-http-auth@osafoundation.org > http://lists.osafoundation.org/cgi-bin/mailman/listinfo/ietf-http-auth _______________________________________________ dix mailing list dix@ietf.org https://www1.ietf.org/mailman/listinfo/dix
- [dix] Stab at grouping of problem Dick Hardt
- WAE topic/problem scope (was: Stab at grouping of… Jeff Hodges
- Re: [Ietf-http-auth] WAE topic/problem scope (was… Lisa Dusseault