Session Continuation at WebSec

Yoav Nir <ynir@checkpoint.com> Mon, 14 January 2013 16:54 UTC

From: Yoav Nir <ynir@checkpoint.com>
To: HTTP Working Group <ietf-http-wg@w3.org>
Date: Mon, 14 Jan 2013 16:52:51 +0000
Subject: Session Continuation at WebSec
Archived-At: <http://www.w3.org/mid/4613980CFC78314ABFD7F85CC30277211198384B@IL-EX10.ad.checkpoint.com>

Hi all

Last IETF at the http-auth BoF, some people said that the real issue we should tackle was managing sessions in HTTP and binding them to authentication.

Nicolas Williams has edited a Problem Statement and Requirements document ([1]) for a design team that also included Phillip Hallam-Baker, Yaron Sheffer, and Paul Leach.

The idea is to make a better way of binding requests together for a long-lived session, which may or may not be bound to an authenticated identity. This is to augment or replace the current practice of using cookies to continue sessions.

For discussing this draft, please join & post to the WebSec mailing list ([2]). This message is just a heads-up for the subscribers of this list, who may be interested in the subject.

And now, back to your regularly scheduled programming…

Yoav 

[1] http://tools.ietf.org/html/draft-williams-websec-session-continue-prob-00
[2] https://www.ietf.org/mailman/listinfo/websec