| 47 | |
| 48 | === [http://tools.ietf.org/html/draft-nir-tls-eap-13 TLS-EAP] === |
| 49 | |
| 50 | This document extends the Transport Layer Security (TLS) protocol |
| 51 | with a flexible and widely deployed authentication framework, namely |
| 52 | the Extensible Authentication Protocol (EAP), to improve security of |
| 53 | Web- as well as non-Web-based applications. The EAP framework allows |
| 54 | so-called EAP methods, i.e. authentication and key exchange |
| 55 | protocols, to be plugged into EAP without having to re-design the |
| 56 | underlying protocol. The benefit of such an easy integration is the |
| 57 | ability to run authentication protocols that fit a specific |
| 58 | deployment environment, both from a credential choice as well as from |
| 59 | the security and performance characteristics of the actual protocol. |
| 60 | |
| 61 | === [http://tools.ietf.org/html/draft-tschofenig-secure-the-web Web Security] === |
| 62 | |
| 63 | This memorandum illustrates a shared vision for how to |
| 64 | deal with the most pressing Web security problems. |