Just to attempt to help clarify, in my understanding WAE was begot by the conflation of three topic areas:

 1. in-protocol authentication (for HTTP)

    e.g. that which is defined within the HTTP spec set itself and is
    used by an HTTP client to authn directly with an HTTP server. Presently
    the two available mechanisms are Basic and Digest. There are use cases,
    eg CalDAV, that would ostensibly benefit from a wider range of
    in-protocol HTTP authn mechanisms. My understanding is that this was the
    motivation for creating the ietf-http-auth@ list.


 2. application-level authentication/SSO and attribute sharing (for HTTP-based
    web-oriented (eg portal-based) apps)

    This is a well-trod area with a plethora of existing solution approaches
    which are deployed to varying extents: SAML web sso profiles, Liberty
    ID-FF, Shib, OpenID, SXIP(/DIX), LID, WS-Federation, RoboForm, etc. The
    primary reason this topic is on the table in this venue is a perception
    that perhaps "more" can be done in order to facilitate wider and more quick
    adoption amongst websites in the wider Internet, eg "the blogosphere".
    This was the motivation for creation of the dix@ list.


 3. anti-phishing

    The motivation why this is on the list is obvious.
    Effective overall solutions will involve a large component of user
    interface (UI) approaches. Some would argue that the UI aspects are the
    first-order ones (and this is not a typical IETF problem domain). Though
    as well as UI, any solutions will likely rely on capabilities/properties
    obtained from solutions to 1 and/or 2 above, and may require specific
    capabilities/properties that 1 and/or 2 don't otherwise provide.


At this point, it isn't clear to me that the WAE BoF represents just one overall "problem" to solve. Each of these is a large distinct topic area in its own right, though they do intersect. It will be a challenge to not short-shrift one or more of them. It should be an entertaining discussion.


JeffH













_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
