RE: Reminder: Call for Proposals - HTTP Authentication

<lionel.morand@orange.com> Wed, 02 May 2012 08:05 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A0BEF21F87D3 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 2 May 2012 01:05:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.649
X-Spam-Level:
X-Spam-Status: No, score=-8.649 tagged_above=-999 required=5 tests=[AWL=1.600, BAYES_00=-2.599, HELO_EQ_FR=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o0nrxm56Nm85 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 2 May 2012 01:05:39 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id 659F221F87C4 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Wed, 2 May 2012 01:05:39 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.69) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1SPUXN-0001to-BO for ietf-http-wg-dist@listhub.w3.org; Wed, 02 May 2012 08:03:49 +0000
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtp (Exim 4.69) (envelope-from <lionel.morand@orange.com>) id 1SPUXB-0001ss-2t for ietf-http-wg@listhub.w3.org; Wed, 02 May 2012 08:03:37 +0000
Received: from p-mail2.rd.francetelecom.com ([195.101.245.16]) by maggie.w3.org with esmtp (Exim 4.72) (envelope-from <lionel.morand@orange.com>) id 1SPUX0-0002jD-Ih for ietf-http-wg@w3.org; Wed, 02 May 2012 08:03:34 +0000
Received: from p-mail2.rd.francetelecom.com (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 1EFE9E301B2; Wed, 2 May 2012 10:03:10 +0200 (CEST)
Received: from ftrdsmtp1.rd.francetelecom.fr (unknown [10.192.128.46]) by p-mail2.rd.francetelecom.com (Postfix) with ESMTP id 11960E301B1; Wed, 2 May 2012 10:03:10 +0200 (CEST)
Received: from ftrdmel1.rd.francetelecom.fr ([10.192.128.40]) by ftrdsmtp1.rd.francetelecom.fr with Microsoft SMTPSVC(6.0.3790.4675); Wed, 2 May 2012 10:03:04 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Date: Wed, 02 May 2012 10:03:02 +0200
Message-ID: <B11765B89737A7498AF63EA84EC9F577014C8BF1@ftrdmel1>
In-Reply-To: <594FB5C6-C676-43B4-9D4F-586573E24E04@mnot.net>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Reminder: Call for Proposals - HTTP Authentication
Thread-Index: Ac0n8mStxvJtOr9gRrWW0VTcLs6jWAAR0tzw
References: <14A09626-8397-4656-A042-FEFDDD017C9F@mnot.net> <B11765B89737A7498AF63EA84EC9F577014C8B6C@ftrdmel1> <D159EF0F-AEEC-4629-91EC-C6B0A9BEA9EE@mnot.net> <B11765B89737A7498AF63EA84EC9F577014C8B82@ftrdmel1> <594FB5C6-C676-43B4-9D4F-586573E24E04@mnot.net>
From: lionel.morand@orange.com
To: mnot@mnot.net
Cc: ietf-http-wg@w3.org
X-OriginalArrivalTime: 02 May 2012 08:03:04.0120 (UTC) FILETIME=[0042BB80:01CD283A]
Received-SPF: softfail client-ip=195.101.245.16; envelope-from=lionel.morand@orange.com; helo=p-mail2.rd.francetelecom.com
X-W3C-Hub-Spam-Status: No, score=-3.5
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_SOFTFAIL=0.665
X-W3C-Scan-Sig: maggie.w3.org 1SPUX0-0002jD-Ih e8f865fe9ba34f99b8ebc55d7fda7b0f
X-Original-To: ietf-http-wg@w3.org
Subject: RE: Reminder: Call for Proposals - HTTP Authentication
Archived-At: <http://www.w3.org/mid/B11765B89737A7498AF63EA84EC9F577014C8BF1@ftrdmel1>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/13512
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
Resent-Message-Id: <E1SPUXN-0001to-BO@frink.w3.org>
Resent-Date: Wed, 02 May 2012 08:03:49 +0000

I will! 

Regards,

Lionel

-----Message d'origine-----
De : Mark Nottingham [mailto:mnot@mnot.net] 
Envoyé : mercredi 2 mai 2012 01:30
À : MORAND Lionel RD-CORE-ISS
Cc : ietf-http-wg@w3.org
Objet : Re: Reminder: Call for Proposals - HTTP Authentication

We can certainly discuss it. 

Would you be willing to write up a small Internet-Draft (e.g., 1-2 pages) outlining the proposal and any work you see as necessary (either in modifying the RFC as it progresses, or adding more infrastructure to make it more broadly usable?

Cheers,


On 01/05/2012, at 10:13 PM, <lionel.morand@orange.com> <lionel.morand@orange.com> wrote:

> Hi Mark,
> 
> Of course, to be applicable, the first requirement for SIM-based authentication schemes is to have a SIM card (or software based implementation) and this implies that you have a mobile subscription. 
> However, the authentication mechanism is not contrite to mobile networks and can be typically used over any HTTP-based access, e.g. wifi, adsl, cable, etc., the mobile network being used only for AAA purposes, as trusted 3rd-party.
> Moreover, the terminal itself can be a mobile phone but also any IP-enabled device (e.g. PC, tablet, etc.) providing a API to the SIM card. Moreover, the browser is seen as off-the-shelf application and not mobile specific.
> 
> For the reasons, I was considering that it would be a general interest to reference a standard document instead of an Informational RFC. And this period of "clean-up" of the HTTP documentation seems to be suitable for that.
> 
> Regards,
> 
> Lionel
> 
> -----Message d'origine-----
> De : Mark Nottingham [mailto:mnot@mnot.net] 
> Envoyé : mardi 1 mai 2012 02:57
> À : MORAND Lionel RD-CORE-ISS
> Cc : ietf-http-wg@w3.org
> Objet : Re: Reminder: Call for Proposals - HTTP Authentication
> 
> Hi Lionel,
> 
> Do you know of any use outside of a mobile context? If there's interest, we can certainly look at it, but if it's relegated to just that market (whether or technical or social reasons), I don't think this would necessarily be the right place to advance it to a standard (speaking just for me).
> 
> Cheers,
> 
> 
> On 01/05/2012, at 3:02 AM, <lionel.morand@orange.com> <lionel.morand@orange.com> wrote:
> 
>> Any feedback?
>> 
>> Lionel
>> 
>> -----Message d'origine-----
>> De : MORAND Lionel RD-CORE-ISS 
>> Envoyé : vendredi 27 avril 2012 11:54
>> À : 'Mark Nottingham'; 'HTTP Working Group'
>> Objet : RE: Reminder: Call for Proposals - HTTP Authentication
>> 
>> Hi,
>> 
>> RFC 3310 is informational but used in mobile networks. I think it is worth to consider the interest of defining this mechanism as "standard" HTTP authentication scheme. What should be the process?
>> 
>> In the same line, I have a draft on adaption of RFC3310 for 2G AKA (see. http://tools.ietf.org/id/draft-morand-http-digest-2g-aka-02.txt). I would propose to add it to the list of new potential authentication schemes but only if RFC 3310 is part of the same list. Otherwise, it could be only informal.
>> 
>> Regards,
>> 
>> Lionel 
>> 
>> -----Message d'origine-----
>> De : Mark Nottingham [mailto:mnot@mnot.net] 
>> Envoyé : vendredi 27 avril 2012 07:28
>> À : HTTP Working Group
>> Objet : Reminder: Call for Proposals - HTTP/2.0 and HTTP Authentication
>> 
>> Just a reminder that we're still accepting proposals for:
>> 
>> 1. HTTP/2.0
>> 2. New HTTP authentication schemes
>> 
>> As per our charter <http://datatracker.ietf.org/wg/httpbis/charter/>.
>> 
>> So far, we've received the following proposals applicable to HTTP/2.0:
>> <http://trac.tools.ietf.org/wg/httpbis/trac/wiki/Http2Proposals>
>> 
>> But none yet for authentication schemes:
>> <http://trac.tools.ietf.org/wg/httpbis/trac/wiki/HttpAuthProposals>
>> 
>> As communicated in Paris, the deadline for proposals is 15 June, 2012. It's fine if your proposal isn't complete, but we do need to have a  good sense of it by then, for discussion.
>> 
>> Regards,
>> 
>> --
>> Mark Nottingham   http://www.mnot.net/
>> 
>> 
>> 
>> 
> 
> --
> Mark Nottingham   http://www.mnot.net/
> 
> 
> 

--
Mark Nottingham
http://www.mnot.net/