Web Auth: state of the art

perhaps fodder for a TAG finding

Status

This document is probably mostly wrong. Please help me fix it.

ACTION: DanC to turn state of the art in auth slides into draft finding.
29 Sep 2005 minutes

Forms

User Agent Authentication Forms Scott Lawrence, Agranat Systems, Inc. Paul Leach, Microsoft ; W3C Note - 03 Feb 1999

@@xforms requirements...

Mozilla has an extension for logging out.

From: Laurian Gridinoc
Date: September 28, 2005 1:11:33 AM PDT Cc: rest-discuss@yahoogroups.com Subject: Re: [rest-discuss] RESTful authorization Message-Id: <9782e33505092801111a687794@mail.gmail.com>

OpenId

OpenId. seems to address the blog comment spam issue... at least in part... needs complementary reputation stuff.

InfoCard

Seems to be based on ws-trust. Note the 404 @ http://schemas.xmlsoap.org/ws/2005/02/trust, despite the schema right next door

Acknowledgements and Fodder

Edinburgh ftf discussion, incl slides
HTTP authentication Lisa Dusseault to w3c-dist-auth 29 Sep 2005. BOF at IETF?
RFC 4169 Hypertext Transfer Protocol (HTTP) Digest Authentication Using Authentication and Key Agreement (AKA) Version-2. addresses man-in-the-middle problems with digest auth
ietf-http-auth list, with familiar names: shaver, baker, Rescorla
my security bookmarks
HT notes some two-factor auth news/guidance 19 Oct 2005