W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2007

Re: Straw-man charter for http-bis

From: Robert Sayre <rsayre@mozilla.com>
Date: Tue, 19 Jun 2007 01:14:56 +0000
Message-ID: <46772E12.6070108@mozilla.com>
To: ietf-http-wg@w3.org

  Henrik Nordstrom wrote:
> Yes, and is what has been proposed several times, in several threads on
> the topic.. but no detailed proposal written down yet.
> I would very much welcome a proposal from some browser vendor on this.
> It's mainly browser technology which needs updates to adopt a feature
> like this, on the server side it's most often just reconfiguration or at
> worst trivial changes depending on the fine details of the proposed
> extension and nature of the server implementation of 401 responses.

I don't think it's worth implementing something like that for Basic or 
Digest, given the known weaknesses they have. To make this effective, 
the UI will still need to be "chrome" (trusted UI from the browser), but 
allow some presentation control as well. Personally, I'm not comfortable 
giving users security cues of that sort with the existing schemes, so I 
think an authentication scheme that satisfies most of the requirements 
in the Hartman draft is a prerequisite.

The technical details of the 401 response won't be too difficult, but 
figuring out the right level of presentation control for site authors 
will probably require a good deal of research and experimentation.

- Rob
Received on Tuesday, 19 June 2007 07:31:15 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:10:42 UTC