An IETF working group for HTTP?

Mary Ellen Zurko (
Mon, 19 Sep 1994 18:31:29 +0200

How about authorization outside the context of electronic payments?
I'm particularly interested in Web-centric security and privacy
models. Of course, most of the security work on the Web to date has
been in the areas you lay out; how mature does an aspect need to be
for an IETF working group? We're currently using DCE's support for
authorization to prototype Web authorization. I'm not sure how that
would fall into the framework you suggest.


> b) security and electronic payments
> Here too, intense commercial activity threatens a mess
> of rival proprietary standards. We can aim to provide
> an open framework for incorporating different techniques,
> and to perhaps resolve export and patent licensing issues
> for unrestricted use of appropriate cryptographic modules.
> - authentication, non-repudiation and encryption
> - certificates and key exchange
> - bringing together S-HTTP and Shen etc.
> - mechanisms for electronic payments and receipts
> - standard APIs for cryptographic library modules
> - Commodity licenses for public domain
> cryptographic library modules