RE: Reminder: Call for Proposals - HTTP Authentication

<Markus.Isomaki@nokia.com> Thu, 03 May 2012 10:40 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C99B821F85DD for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 3 May 2012 03:40:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jXRQ6cCk2m7O for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 3 May 2012 03:40:25 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id C4F5021F85D6 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Thu, 3 May 2012 03:40:25 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.69) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1SPtQU-0002s5-Nd for ietf-http-wg-dist@listhub.w3.org; Thu, 03 May 2012 10:38:22 +0000
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.69) (envelope-from <Markus.Isomaki@nokia.com>) id 1SPtQK-0002r9-8n for ietf-http-wg@listhub.w3.org; Thu, 03 May 2012 10:38:12 +0000
Received: from smtp.nokia.com ([147.243.128.24] helo=mgw-da01.nokia.com) by lisa.w3.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from <Markus.Isomaki@nokia.com>) id 1SPtQD-0006xX-El for ietf-http-wg@w3.org; Thu, 03 May 2012 10:38:10 +0000
Received: from vaebh105.NOE.Nokia.com (in-mx.nokia.com [10.160.244.31]) by mgw-da01.nokia.com (Sentrion-MTA-4.2.2/Sentrion-MTA-4.2.2) with ESMTP id q43AbTcd031272; Thu, 3 May 2012 13:37:34 +0300
Received: from smtp.mgd.nokia.com ([65.54.30.20]) by vaebh105.NOE.Nokia.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675); Thu, 3 May 2012 13:37:29 +0300
Received: from 008-AM1MPN1-043.mgdnok.nokia.com ([169.254.3.106]) by 008-AM1MMR1-011.mgdnok.nokia.com ([65.54.30.20]) with mapi id 14.02.0283.004; Thu, 3 May 2012 12:37:28 +0200
From: <Markus.Isomaki@nokia.com>
To: <lionel.morand@orange.com>, <mnot@mnot.net>
CC: <ietf-http-wg@w3.org>
Thread-Topic: Reminder: Call for Proposals - HTTP Authentication
Thread-Index: Ac0kNv+k4jF4bnX1TAOAzfrcv6a4LgAIgaigAACohiAApdNUIAAMZ0wAABecNgAAZPi0AA==
Date: Thu, 3 May 2012 10:37:27 +0000
Message-ID: <E44893DD4E290745BB608EB23FDDB7621EFB93@008-AM1MPN1-043.mgdnok.nokia.com>
References: <14A09626-8397-4656-A042-FEFDDD017C9F@mnot.net> <B11765B89737A7498AF63EA84EC9F577014C8B6C@ftrdmel1> <D159EF0F-AEEC-4629-91EC-C6B0A9BEA9EE@mnot.net> <B11765B89737A7498AF63EA84EC9F577014C8B82@ftrdmel1>
In-Reply-To: <B11765B89737A7498AF63EA84EC9F577014C8B82@ftrdmel1>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [172.21.80.29]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginalArrivalTime: 03 May 2012 10:37:29.0086 (UTC) FILETIME=[BD0619E0:01CD2918]
X-Nokia-AV: Clean
Received-SPF: pass client-ip=147.243.128.24; envelope-from=Markus.Isomaki@nokia.com; helo=mgw-da01.nokia.com
X-W3C-Hub-Spam-Status: No, score=-4.2
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01
X-W3C-Scan-Sig: lisa.w3.org 1SPtQD-0006xX-El e22e1549185e742d490ab93f398001ea
X-Original-To: ietf-http-wg@w3.org
Subject: RE: Reminder: Call for Proposals - HTTP Authentication
Archived-At: <http://www.w3.org/mid/E44893DD4E290745BB608EB23FDDB7621EFB93@008-AM1MPN1-043.mgdnok.nokia.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/13514
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
Resent-Message-Id: <E1SPtQU-0002s5-Nd@frink.w3.org>
Resent-Date: Thu, 03 May 2012 10:38:22 +0000

Hi Lionel,

Out of curiosity, do you know about implementations or deployment of RFC 3310 in the context of HTTP? I know it is used in a special way in SIP ("IMS") authentication in a few deployments.

Would the intent be just a promotion from Informational to Standards Track, which would not require any specific technical work as such?

Markus 

>-----Original Message-----
>From: ext lionel.morand@orange.com [mailto:lionel.morand@orange.com]
>Sent: 01 May, 2012 15:13
>To: mnot@mnot.net
>Cc: ietf-http-wg@w3.org
>Subject: RE: Reminder: Call for Proposals - HTTP Authentication
>
>Hi Mark,
>
>Of course, to be applicable, the first requirement for SIM-based
>authentication schemes is to have a SIM card (or software based
>implementation) and this implies that you have a mobile subscription.
>However, the authentication mechanism is not contrite to mobile networks
>and can be typically used over any HTTP-based access, e.g. wifi, adsl, cable,
>etc., the mobile network being used only for AAA purposes, as trusted 3rd-
>party.
>Moreover, the terminal itself can be a mobile phone but also any IP-enabled
>device (e.g. PC, tablet, etc.) providing a API to the SIM card. Moreover, the
>browser is seen as off-the-shelf application and not mobile specific.
>
>For the reasons, I was considering that it would be a general interest to
>reference a standard document instead of an Informational RFC. And this
>period of "clean-up" of the HTTP documentation seems to be suitable for
>that.
>
>Regards,
>
>Lionel
>
>-----Message d'origine-----
>De : Mark Nottingham [mailto:mnot@mnot.net] Envoyé : mardi 1 mai 2012
>02:57 À : MORAND Lionel RD-CORE-ISS Cc : ietf-http-wg@w3.org Objet : Re:
>Reminder: Call for Proposals - HTTP Authentication
>
>Hi Lionel,
>
>Do you know of any use outside of a mobile context? If there's interest, we
>can certainly look at it, but if it's relegated to just that market (whether or
>technical or social reasons), I don't think this would necessarily be the right
>place to advance it to a standard (speaking just for me).
>
>Cheers,
>
>
>On 01/05/2012, at 3:02 AM, <lionel.morand@orange.com>;
><lionel.morand@orange.com>; wrote:
>
>> Any feedback?
>>
>> Lionel
>>
>> -----Message d'origine-----
>> De : MORAND Lionel RD-CORE-ISS
>> Envoyé : vendredi 27 avril 2012 11:54
>> À : 'Mark Nottingham'; 'HTTP Working Group'
>> Objet : RE: Reminder: Call for Proposals - HTTP Authentication
>>
>> Hi,
>>
>> RFC 3310 is informational but used in mobile networks. I think it is worth to
>consider the interest of defining this mechanism as "standard" HTTP
>authentication scheme. What should be the process?
>>
>> In the same line, I have a draft on adaption of RFC3310 for 2G AKA (see.
>http://tools.ietf.org/id/draft-morand-http-digest-2g-aka-02.txt). I would
>propose to add it to the list of new potential authentication schemes but only
>if RFC 3310 is part of the same list. Otherwise, it could be only informal.
>>
>> Regards,
>>
>> Lionel
>>
>> -----Message d'origine-----
>> De : Mark Nottingham [mailto:mnot@mnot.net] Envoyé : vendredi 27 avril
>> 2012 07:28 À : HTTP Working Group Objet : Reminder: Call for Proposals
>> - HTTP/2.0 and HTTP Authentication
>>
>> Just a reminder that we're still accepting proposals for:
>>
>> 1. HTTP/2.0
>> 2. New HTTP authentication schemes
>>
>> As per our charter <http://datatracker.ietf.org/wg/httpbis/charter/>;.
>>
>> So far, we've received the following proposals applicable to HTTP/2.0:
>>  <http://trac.tools.ietf.org/wg/httpbis/trac/wiki/Http2Proposals>
>>
>> But none yet for authentication schemes:
>>  <http://trac.tools.ietf.org/wg/httpbis/trac/wiki/HttpAuthProposals>
>>
>> As communicated in Paris, the deadline for proposals is 15 June, 2012. It's
>fine if your proposal isn't complete, but we do need to have a  good sense of
>it by then, for discussion.
>>
>> Regards,
>>
>> --
>> Mark Nottingham   http://www.mnot.net/
>>
>>
>>
>>
>
>--
>Mark Nottingham   http://www.mnot.net/
>
>
>