W3CT&S

DRAFT

Form Annotations for Web Authentication
Working Group Charter

Last Changed
$Date: 2006/09/07 08:41:32 $
By
$Author: roessler $
Status of this document
This draft is work in progress, and may change without notice. W3C Members, participants in the W3C Workshop on Transparency and Usability of Web Authentication, and other interested parties, are welcome to discuss this draft on the mailing list public-usable-authentication (public archive). W3C Members may also wish to share their comments with their fellow Members on the internal mailing list.

In the interest of brevity, standard template material has been removed from this charter.

The mission of this working group is to define a mechanism to annotate Web forms to support both better client-side credential management, and integration of form-based input mechanisms with protocol-level authentication mechanisms such as HTTP Digest Authentication.

Background and Scope

Authentication on the Web is, today, largely based on the entry of user names and passwords through HTML forms, and their submission through HTTP POST. Session management on the basis of browser cookies or hidden form fields is then used to keep authentication state for further transactions. Existing mechanisms for HTTP Authentication [RFC 2617] are ignored in these scenarios.

To assist users in these situations, web user agents are typically able to cache user names and passwords. This caching is based on heuristic recognition of those form fields that are used for authentication information; consequently, they fail in slightly a-typical situations.

This working group is chartered to develop a mechanism for annotating HTML forms, to

Key requirements include:

This Working Group is not chartered to develop new authentication protocols.

Deliverables

The group should deliver:

Dependencies

W3C Groups

The Web Security Context Baseline Working Group should coordinate its activities with other relevant W3C Working Groups, specifically:

Web Application Formats
The mission of the W3C Web Application Formats Working Group is to develop specifications that enable improved client-side application development on the Web. This includes the development of languages for applications, especially user interfaces.
W3C Form work
This group will coordinate with related work in other W3C Activities through the Hypertxt Coordination Group.

External Groups

The following is a tentative list of external bodies that the Working Group should collaborate with:

Internet Engineering Task Force
The IETF community is, as of fall 2006, considering new work on enhancements in Web Authentication. It is expected that any working groups emerging from these considerations will need to liaise with this working group.
OASIS
The OASIS Security Services Technical Committee is chartered to define and maintain a standard, XML-based framework for creating and exchanging security information between online partners.
Liberty Alliance
Liberty Alliance is developing an open standard for federated network identity that supports all current and emerging network devices.

Change Log

  


  $Log: htmlauth-charter.html,v $
  Revision 1.34  2006/09/07 08:41:32  roessler
  Layout change per Susan Lesch's suggestion.

  Revision 1.33  2006/09/05 22:55:17  roessler
  update per conversation with Ian

  Revision 1.32  2006/08/24 15:13:00  roessler
  Update re relationship with other forms work.

  Revision 1.31  2006/08/23 15:44:48  roessler
  Changelog formatting, again.

  Revision 1.30  2006/08/23 15:37:07  roessler
  Clean up some boilerplate material.

  Revision 1.29  2006/08/18 13:49:50  roessler
  Fix change log formatting

  Revision 1.28  2006/08/18 13:47:58  roessler
  Rename the form annotation group; add boilerplate material; 
  move to different template.

  Revision 1.27  2006/08/08 13:54:27  roessler
  Editorial nits.

  Revision 1.26  2006/08/07 13:59:20  roessler
  Phrase core of the document to be independent of HTTP.

  Revision 1.25  2006/08/07 13:45:49  roessler
  limit total width of text

  Revision 1.24  2006/08/07 13:07:37  roessler
  valid XHTML

  Revision 1.23  2006/08/07 12:56:26  roessler
  Add tentative time line.

  Revision 1.22  2006/07/05 00:12:24  roessler
  Markup fix.

  Revision 1.21  2006/07/03 09:26:59  roessler
  Add change log.
$Id: htmlauth-charter.html,v 1.34 2006/09/07 08:41:32 roessler Exp $