* WGs marked with an * asterisk has had at least one new draft made available during the last 5 days

Ticket #237 (closed design: fixed)

Opened 4 years ago

Last modified 4 years ago

absorbing the auth framework from 2617

Reported by: julian.reschke@gmx.de Owned by: julian.reschke@gmx.de
Priority: normal Milestone: 12
Component: p7-auth Severity: Active WG Document
Keywords: Cc:
Origin:

Description (last modified by julian.reschke@gmx.de) (diff)

This issue is opened to track the process of absorbing "everything except Basic and Digest" from RFC 2617.

To do

Attachments

i237.diff (19.5 KB) - added by julian.reschke@gmx.de 4 years ago.
proposed patch for part 7 (missing: potentially additional authors, change information wrt 2617?)

Change History

comment:1 Changed 4 years ago by julian.reschke@gmx.de

  • Description modified (diff)

comment:2 Changed 4 years ago by julian.reschke@gmx.de

Excerpt from http://www.ietf.org/proceedings/78/minutes/httpbis.txt:

 4. RFC2617
mnot: part7 is the http auth framework, the meat of auth (basic and digest) is in 2617
issues like i18n auth scheme registry might be addressed
a path could be to have basic and digest in one or two drafts, framework in p7
Alexey: seems to be the right thing to do, having the framework in p7 is fine, other two documents will need a recharter
mnot: no changes needed as a first step to produce new documents, only i18n will require changes
Alexey: reopening digest could be controversial
<Barry Leiba> Cyrus: I don't see that draft-ietf-vwrap-type-system <http://tools.ietf.org/wg/vwrap/draft-ietf-vwrap-type-system/> has any ref to RFC 2617.  Checking whether I got the right doc when you said that.
<Barry Leiba> Never mind... 2817, not 2617.
mnot: if the recharter says that only editorial changes are made, it could help.
Cyrus: not sure IESG will accept Digest as-is
Alexey: moving to historic might help. If somebody want to reopen Basic and Digest, it would be better if it was in a WG
Cyrus: Mutual Auth is there as an example of new auth
mnot: we are not a security-related WG
<roy.fielding> How about defining a registry for auth schemes?
Alexey: that is a good idea (in response to Roy's comment)

comment:3 Changed 4 years ago by julian.reschke@gmx.de

  • Description modified (diff)

Changed 4 years ago by julian.reschke@gmx.de

proposed patch for part 7 (missing: potentially additional authors, change information wrt 2617?)

comment:4 Changed 4 years ago by mnot@pobox.com

  • Owner set to julian.reschke@gmx.de

comment:5 Changed 4 years ago by julian.reschke@gmx.de

From [998]:

Incorporate auth framework from RFC 2617; ack RFC 2617's authors, fix known auth-param erratum (see #195)(see #237)

comment:6 Changed 4 years ago by julian.reschke@gmx.de

  • Status changed from new to closed
  • Resolution set to incorporated

comment:7 Changed 4 years ago by julian.reschke@gmx.de

From [1007]:

s/canonical root URL/canonical root URI/ and fix whitespace (related to #237)

comment:8 Changed 4 years ago by julian.reschke@gmx.de

From [1018]:

move and rephrase Note about listing well-known schemes first in WWW-Authenticate (see #237)

comment:9 Changed 4 years ago by julian.reschke@gmx.de

  • Milestone changed from unassigned to 12

comment:10 Changed 4 years ago by mnot@pobox.com

  • Status changed from closed to reopened
  • Resolution incorporated deleted

comment:11 Changed 4 years ago by mnot@pobox.com

  • Status changed from reopened to closed
  • Resolution set to fixed
Note: See TracTickets for help on using tickets.