The outcome of WAE could be 0, 1 or more WGs. The conflation in the
BoF does not necessarily mean conflation in WG(s). The breakdown is
appreciated.
Lisa
On Jul 13, 2006, at 11:59 PM, Jeff Hodges wrote:
Just to attempt to help clarify, in my understanding WAE was begot
by the conflation of three topic areas..
1. in-protocol authentication (for HTTP)
e.g. that which is defined within the HTTP spec set itself and is
used by an HTTP client to authn directly with an HTTP server.
Presently the two available mechanisms are Basic and Digest. There
are use cases, eg CalDAV, that would ostensibly benefit from a wider
range of in-protocol HTTP authn mechanisms. My understanding is that
this was the motivation for creating the ietf-http-auth@ list.
2. application-level authentication/SSO and attribute sharing (for
HTTP-based web-oriented (eg portal-based) apps)
This is a well-trod area with a plethora of existing solution
approaches which are deployed to varying extents: SAML web sso
profiles, Liberty ID-FF, Shib, OpenID, SXIP(/DIX), LID,
WS-Federation, RoboForm, etc. The primary reason this topic is on
the table in this venue is a perception that perhaps "more" can be
done in order to facilitate wider and more quick adoption amongst
websites in the wider Internet, eg "the blogosphere".
This was the motivation for creation of the dix@ list.
3. anti-phishing
The motivation why this is on the list is obvious.
Effective overall solutions will involve a large component of user
interface (UI) approaches. Some would argue that the UI aspects are
the first-order ones (and this is not a typical IETF problem
domain). Though as well as UI, any solutions will likely rely on
capabilities/properties obtained from solutions to 1 and/or 2 above,
and may require specific capabilities/properties that 1 and/or 2
don't otherwise provide.
At this point, it isn't clear to me that the WAE BoF represents
just one overall "problem" to solve. Each of these are large
distinct topic areas in their own right, though they do intersect.
It will be a challenge to not short-shrift one or more of them. It
should be an entertaining discussion.
JeffH