Generic HTTP access control

[jricher]

Proposed generic HTTP-based access control methods, described in mailing list thread: https://mailarchive.ietf.org/arch/msg/txauth/MJiaCD7DWESXnQ4YA7TlTyb8XOQ/

[yaronf]

Possibly as a separate document.

[jricher]

@yaronf Possibly so -- to start, the editors have decided to see if it works as a self-contained appendix to the core document, to be extracted later to another target if desired.