Re: [Ietf-http-auth] WAE topic/problem scope (was: Stab at grouping of problem (was: Re: [dix] Agenda bashing))

Lisa Dusseault <lisa@osafoundation.org> Fri, 14 July 2006 13:54 UTC

From: Lisa Dusseault <lisa@osafoundation.org>
Subject: Re: [Ietf-http-auth] WAE topic/problem scope (was: Stab at grouping of problem (was: Re: [dix] Agenda bashing))
Date: Fri, 14 Jul 2006 09:54:44 -0400
To: Jeff Hodges <Jeff.Hodges@neustar.biz>
Cc: Digital Identity Exchange <dix@ietf.org>, IETF HTTP Auth <ietf-http-auth@lists.osafoundation.org>

The outcome of WAE could be 0, 1 or more WGs.  The conflation in the  
BoF does not necessarily mean conflation in WG(s).  The breakdown is  
appreciated.

Lisa

On Jul 13, 2006, at 11:59 PM, Jeff Hodges wrote:

> Just to attempt to help clarify, in my understanding WAE was begot
> by the conflation of three topic areas..
>
>  1. in-protocol authentication (for HTTP)
>
>     e.g. that which is defined within the HTTP spec set itself and is
>     used by an HTTP client to authn directly with an HTTP server. Presently
>     the two available mechanisms are Basic and Digest. There are use cases,
>     eg CalDAV, that would ostensibly benefit from a wider range of
>     in-protocol HTTP authn mechanisms. My understanding is that this was the
>     motivation for creating the ietf-http-auth@ list.
>
>
>  2. application-level authentication/SSO and attribute sharing (for HTTP-based
>     web-oriented (eg portal-based) apps)
>
>     This is a well-trod area with a plethora of existing solution approaches
>     which are deployed to varying extents: SAML web sso profiles, Liberty
>     ID-FF, Shib, OpenID, SXIP(/DIX), LID, WS-Federation, RoboForm, etc. The
>     primary reason this topic is on the table in this venue is a perception
>     that perhaps "more" can be done in order to facilitate wider and more quick
>     adoption amongst websites in the wider Internet, eg "the blogosphere".
>     This was the motivation for creation of the dix@ list.
>
>
>  3. anti-phishing
>
>     The motivation why this is on the list is obvious.
>     Effective overall solutions will involve a large component of user
>     interface (UI) approaches. Some would argue that the UI aspects are the
>     first-order ones (and this is not a typical IETF problem domain). Though
>     as well as UI, any solutions will likely rely on capabilities/properties
>     obtained from solutions to 1 and/or 2 above, and may require specific
>     capabilities/properties that 1 and/or 2 don't otherwise provide.
>
>
> At this point, it isn't clear to me that the WAE BoF represents
> just one overall "problem" to solve. Each of these are large
> distinct topic areas in their own right, though they do intersect.
> It will be a challenge to not short-shrift one or more of them. It
> should be an entertaining discussion.
>
>
> JeffH