W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2011

Re: OT re HTTP auth disassocation of credentials

From: Adrien de Croy <adrien@qbik.com>
Date: Tue, 20 Sep 2011 09:28:23 +1200
Message-ID: <4E77B3F7.8020406@qbik.com>
To: Karl Dubost <karld@opera.com>
CC: Jan Algermissen <jan.algermissen@nordsc.com>, HTTP Working Group <ietf-http-wg@w3.org>

I think it would me more useful if it could be controlled from the 
server.  Hence a status or header.

However, for browser vendors, since finding screen real-estate is such a 
problem, an approach could be taken similar to the one used to show that 
a sight is using TLS and to see certificate information.  E.g. a small 
icon showing that the request is authenticated, which could then give 
details of the method, and an option to log out.

Adrien


On 20/09/2011 12:43 a.m., Karl Dubost wrote:
> Le 19 sept. 2011 à 02:37, Jan Algermissen a écrit :
>> FWIW I'd rather see browsers put a logout-button right in the browser GUI. The button could simply cause the browser to stop sending the credentials.
>
> As much as I could see the benefit for it. I do not think this will fly for browser vendors. They are all currently trying to simplify the UI and minimize it. There is also the balance in between introducing a new UI feature with the number of times this (HTTP Auth) will be used. For example, Firefox removed the RSS icon (by default).
>
> PS: not advocating for any sides of the issue.
>

-- 
Adrien de Croy - WinGate Proxy Server - http://www.wingate.com
Received on Monday, 19 September 2011 21:28:58 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:47 GMT