Re: [saag] Reminder: Call for Proposals - HTTP/2.0 and HTTP Authentication

Paul Hoffman <paul.hoffman@vpnc.org> Tue, 15 May 2012 16:41 UTC

From: Paul Hoffman <paul.hoffman@vpnc.org>
Date: Tue, 15 May 2012 09:41:29 -0700
To: Nico Williams <nico@cryptonector.com>
Cc: IETF Security Area Advisory Group <saag@ietf.org>

On May 15, 2012, at 9:33 AM, Nico Williams wrote:

> On Tue, May 15, 2012 at 11:16 AM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:
>> I'm pretty sure that a pointer to draft-williams-rest-gss-00 (or any other expired draft in this area) is all the httpbis WG needs; they don't need an up-to-date draft.
> 
> Good point.  But working on the classification document is making me
> think of possible enhancements to my proposal anyways :)
> 
>> Having said that, I bet that they would very much like to see a classification / analysis document to help them!
> 
> Right.  Assuming they get lots of proposals it will be necessary to
> figure out how to analyze them.  Even if they get no proposals it'd be
> useful to have such a document to guide any design team.

At this point they have zero proposals, but I'm hoping to change that by nudging here (not by writing a proposal myself).

> Personally I continue to believe that there will not be a single
> authentication mechanism that satisfies all users' needs, so I will
> continue to argue for pluggable frameworks.  However, I'm less
> interested in this than I am in the analysis at this point.

We already have a pluggable framework; if it needs changes, letting the httpbis WG know that early would be important.

> As for the dearth of proposals...  I suspect part of it is not knowing
> what HTTP 2.0 will look like, and part of it is weariness: web auth
> has been resisting solutions for many years now.  Perhaps no one
> really expects HTTPbis WG to be able to crack that nut?


The IESG expects them to not only crack the nut, but to show that the inside is edible. This was made very clear in the rechartering discussion (well, without the food analogy).

--Paul Hoffman