[http-auth] Beyond HTTP Authentication: OAuth, OpenID, and BrowserID: Meeting on March 29th at IETF83

Harry Halpin <hhalpin@w3.org> Mon, 19 March 2012 22:03 UTC

Return-Path: <hhalpin@w3.org>
X-Original-To: http-auth@ietfa.amsl.com
Delivered-To: http-auth@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 1391321F8702 for <http-auth@ietfa.amsl.com>; Mon, 19 Mar 2012 15:03:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.299
X-Spam-Status: No, score=-10.299 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, J_CHICKENPOX_43=0.6, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id OKCvRRgkDk6m for <http-auth@ietfa.amsl.com>; Mon, 19 Mar 2012 15:03:04 -0700 (PDT)
Received: from jay.w3.org (ssh.w3.org []) by ietfa.amsl.com (Postfix) with ESMTP id 6033921F86F6 for <http-auth@ietf.org>; Mon, 19 Mar 2012 15:03:03 -0700 (PDT)
Received: from seattle207.riseup.net ([] helo=[]) by jay.w3.org with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.69) (envelope-from <hhalpin@w3.org>) id 1S9kfO-0006gb-Sv; Mon, 19 Mar 2012 18:03:03 -0400
Message-ID: <4F67AD46.6040703@w3.org>
Date: Mon, 19 Mar 2012 23:03:50 +0100
From: Harry Halpin <hhalpin@w3.org>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20120216 Lightning/1.0b2 Thunderbird/3.1.19
MIME-Version: 1.0
To: "http-auth@ietf.org" <http-auth@ietf.org>, "public-identity@w3.org" <public-identity@w3.org>, dev-identity@lists.mozilla.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [http-auth] Beyond HTTP Authentication: OAuth, OpenID, and BrowserID: Meeting on March 29th at IETF83
X-BeenThere: http-auth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: HTTP authentication methods <http-auth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-auth>, <mailto:http-auth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-auth>
List-Post: <mailto:http-auth@ietf.org>
List-Help: <mailto:http-auth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-auth>, <mailto:http-auth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Mar 2012 22:03:05 -0000

Not sure how many people are making it to IETF83, but W3C is hosting an 
onsite meeting on Thursday to discuss OAuth, BrowserID, OpenID, and the 
upcoming W3C Web Cryptography Working Group. Everyone is invited!

==Beyond HTTP Authentication: OAuth, OpenID, and BrowserID==

=Time and Location=

Thursday lunchtime (1130 to 1300) in room 252A just between the SCIM BoF 
and OAuth WG as part of IETF83 in Paris.

= Problem Statement=

While OAuth has solved the authorization problem, currently 
authentication on the Web is still insecure as it has yet for the most 
part failed to go beyond user-names and passwords. However, at this 
point a number of new client-side capabilities, including the 
possibility of W3C standardized Javascript cryptographic primitives, are 
emerging and a number of specifications such as OpenID Connect, 
BrowserID, and discussions over the future of HTTP Auth have shown that 
there is interest in understanding better how client-side key material 
can be used to enable a more secure Web authentication. However, there 
has yet to be consensus on how client-side cryptography can enable 
higher-security OAuth flows. The purpose of this side meeting is to look 
at a more coherent picture of how technologies in the space of identity, 
authentication, and authorization combine and interact and to help frame 
future work in Web authentication.

This informal meeting will present a number of proposed technical 
proposals in brief, including relationships to other existing work (such 
as RTCWeb and the upcoming W3C Web Cryptography Working Group), and to 
help frame future work in the area.and then precede with open discussion.

For any questions, please contact Harry Halpin (hhalpin@w3.org)


11:30-11:45 Lightning presentations to "level-set" participants.

Mike Jones (Microsoft) will present the latest work from JOSE and OpenID 
Eric Rescorla (Mozilla hat on) will present Mozilla Persona and 
RTCWeb/WebRTC work
Blaine Cook will present OAuth 2.0
Harry Halpin (W3C) will present the upcoming W3C Web Cryptography API.

11:45-13:00 Open discussion on co-ordination between OAuth, HTTP Auth, 
OpenID Connect, BrowserID, and W3C.