On 2010/05/11 12:49, Robert Sayre wrote: > What /would/ be nice is an HTTP authentication scheme that used some > sort of PAKE... but don't gate the OAuth spec on that.
FYI for people interested: my proposal for PAKE-based HTTP authentication submitted as an Internet-Draft: <http://tools.ietf.org/html/draft-oiwa-http-mutualauth-06>. I designed it mainly considering Browser-based authentication, but I do not limit its possible uses to Browsers. Feedbacks from other possible usage area, if possible, is much appreciated. -- Yutaka OIWA, Ph.D. Research Scientist Research Center for Information Security (RCIS) National Institute of Advanced Industrial Science and Technology (AIST) Mail addresses: <y.o...@aist.go.jp>, <yut...@oiwa.jp> OpenPGP: id[440546B5] fp[7C9F 723A 7559 3246 229D 3139 8677 9BD2 4405 46B5] _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth