Hi HTTPAPI and OAUTH,

This is a new draft that attempts to define a useful convention for HTTP authentication: a way to tell the client to open a browser window to start authentication, and to close that window when authentication is complete.

I think this might be a good fit for HTTPAPI, since it is really a building block for other specifications, and it extends HTTP (by defining a new WWW-Authentication "scheme"). However, I would also appreciate review from OAuth experts, because I would like this design to work well with server-to-server OAuth, and to match well with OAuth conventions if possible.

I would like to present this idea at IETF 115.

--Ben

P.S. For background, this comes out of a conversation in MASQUE about how a user-selected MASQUE proxy can trigger a modern login flow.

---------- Forwarded message ---------
From: <internet-dra...@ietf.org>
Date: Mon, Oct 17, 2022 at 2:42 PM
Subject: New Version Notification for draft-schwartz-httpapi-popup-authentication-00.txt
To: Benjamin M. Schwartz <bem...@google.com>

A new version of I-D, draft-schwartz-httpapi-popup-authentication-00.txt has been successfully submitted by Benjamin Schwartz and posted to the IETF repository.

Name: draft-schwartz-httpapi-popup-authentication
Revision: 00
Title: Interactive Authentication of Non-Interactive HTTP Requests
Document date: 2022-10-17
Group: Individual Submission
Pages: 9
URL: https://www.ietf.org/archive/id/draft-schwartz-httpapi-popup-authentication-00.txt
Status: https://datatracker.ietf.org/doc/draft-schwartz-httpapi-popup-authentication/
Html: https://www.ietf.org/archive/id/draft-schwartz-httpapi-popup-authentication-00.html
Htmlized: https://datatracker.ietf.org/doc/html/draft-schwartz-httpapi-popup-authentication

Abstract:
On the World Wide Web, a rich ecosystem of authentication options has been developed to support access control for HTTP resources. However, non-interactive usage of HTTP remains limited to the simple authentication mechanisms defined in the HTTP standards. This specification allows non-interactive HTTP contexts to open a browser-like authentication context when necessary, and close it when authentication is complete.

The IETF Secretariat
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth