Re: Reminder: Call for Proposals - HTTP Authentication

Mark Nottingham <mnot@mnot.net> Tue, 01 May 2012 23:32 UTC

We can certainly discuss it. 

Would you be willing to write up a small Internet-Draft (e.g., 1-2 pages) outlining the proposal and any work you see as necessary (either in modifying the RFC as it progresses, or adding more infrastructure to make it more broadly usable)?

Cheers,


On 01/05/2012, at 10:13 PM, <lionel.morand@orange.com> wrote:

> Hi Mark,
> 
> Of course, to be applicable, the first requirement for SIM-based authentication schemes is to have a SIM card (or software based implementation) and this implies that you have a mobile subscription. 
> However, the authentication mechanism is not constrained to mobile networks and can typically be used over any HTTP-based access, e.g. wifi, adsl, cable, etc., the mobile network being used only for AAA purposes, as a trusted 3rd-party.
> Moreover, the terminal itself can be a mobile phone but also any IP-enabled device (e.g. PC, tablet, etc.) providing an API to the SIM card. Moreover, the browser is seen as an off-the-shelf application and not mobile specific.
> 
> For these reasons, I was considering that it would be of general interest to reference a standard document instead of an Informational RFC. And this period of "clean-up" of the HTTP documentation seems to be suitable for that.
> 
> Regards,
> 
> Lionel
> 
> -----Original Message-----
> From: Mark Nottingham [mailto:mnot@mnot.net]
> Sent: Tuesday 1 May 2012 02:57
> To: MORAND Lionel RD-CORE-ISS
> Cc: ietf-http-wg@w3.org
> Subject: Re: Reminder: Call for Proposals - HTTP Authentication
> 
> Hi Lionel,
> 
> Do you know of any use outside of a mobile context? If there's interest, we can certainly look at it, but if it's relegated to just that market (whether for technical or social reasons), I don't think this would necessarily be the right place to advance it to a standard (speaking just for me).
> 
> Cheers,
> 
> 
> On 01/05/2012, at 3:02 AM, <lionel.morand@orange.com> wrote:
> 
>> Any feedback?
>> 
>> Lionel
>> 
>> -----Original Message-----
>> From: MORAND Lionel RD-CORE-ISS
>> Sent: Friday 27 April 2012 11:54
>> To: 'Mark Nottingham'; 'HTTP Working Group'
>> Subject: RE: Reminder: Call for Proposals - HTTP Authentication
>> 
>> Hi,
>> 
>> RFC 3310 is informational but used in mobile networks. I think it is worth considering the interest of defining this mechanism as a "standard" HTTP authentication scheme. What should be the process?
>> 
>> In the same line, I have a draft on adaption of RFC3310 for 2G AKA (see http://tools.ietf.org/id/draft-morand-http-digest-2g-aka-02.txt). I would propose to add it to the list of new potential authentication schemes but only if RFC 3310 is part of the same list. Otherwise, it could be only informal.
>> 
>> Regards,
>> 
>> Lionel 
>> 
>> -----Original Message-----
>> From: Mark Nottingham [mailto:mnot@mnot.net]
>> Sent: Friday 27 April 2012 07:28
>> To: HTTP Working Group
>> Subject: Reminder: Call for Proposals - HTTP/2.0 and HTTP Authentication
>> 
>> Just a reminder that we're still accepting proposals for:
>> 
>> 1. HTTP/2.0
>> 2. New HTTP authentication schemes
>> 
>> As per our charter <http://datatracker.ietf.org/wg/httpbis/charter/>.
>> 
>> So far, we've received the following proposals applicable to HTTP/2.0:
>> <http://trac.tools.ietf.org/wg/httpbis/trac/wiki/Http2Proposals>
>> 
>> But none yet for authentication schemes:
>> <http://trac.tools.ietf.org/wg/httpbis/trac/wiki/HttpAuthProposals>
>> 
>> As communicated in Paris, the deadline for proposals is 15 June, 2012. It's fine if your proposal isn't complete, but we do need to have a good sense of it by then, for discussion.
>> 
>> Regards,
>> 
>> --
>> Mark Nottingham   http://www.mnot.net/
>> 
>> 
>> 
>> 
> 
> --
> Mark Nottingham   http://www.mnot.net/
> 
> 
> 

--
Mark Nottingham
http://www.mnot.net/