W3C home > Mailing lists > Public > public-html-bugzilla@w3.org > March 2011

[Bug 11912] HTML5 provides an opportunity to fix a long-running problem with HTTP Authentication. HTTP Authentication is important, because it is the only way to execute a request with 100% certainty that the user has provided an authentication secret. Furthermore,

From: <bugzilla@jessica.w3.org>
Date: Fri, 04 Mar 2011 00:25:27 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1PvIpj-0005O4-Nc@jessica.w3.org>
http://www.w3.org/Bugs/Public/show_bug.cgi?id=11912

Ian 'Hixie' Hickson <ian@hixie.ch> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |ian@hixie.ch
         Resolution|                            |WONTFIX

--- Comment #11 from Ian 'Hixie' Hickson <ian@hixie.ch> 2011-03-04 00:25:26 UTC ---
EDITOR'S RESPONSE: This is an Editor's Response to your comment. If you are
satisfied with this response, please change the state of this bug to CLOSED. If
you have additional information and would like the editor to reconsider, please
reopen this bug. If you would like to escalate the issue to the full HTML
Working Group, please add the TrackerRequest keyword to this bug, and suggest
title and text for the tracker issue; or you may create a tracker issue
yourself, if you are able to do so. For more details, see this document:
   http://dev.w3.org/html5/decision-policy/decision-policy.html

Status: Rejected
Change Description: no spec change
Rationale: 

I disagree with the premise of this proposal:

> HTTP Authentication is important, because it is the only way
> to execute a request with 100% certainty that the user has provided an
> authentication secret.

A form asking the same question as HTTP auth is no less reliable, and HTTP auth
does not guarantee that the user provided anything, rather than the UA
providing it.

HTTP Authentication has IMHO not been demonstrated as being important for the
interactive Web use case. (It has some more compelling uses in automated
environments, but those are out of scope here.)


My recommendation would be to follow one or more of the following paths:

* If you have very specific problems with HTML, file bugs specifically for
those problems, including clear rationale for why we need to address those
problems.

* If you have specific proposals, approach browser vendors to get them to
implement them; if they do, and if they are found to be good, then we would add
them to the spec.

* Escalate this bug as described at the top of this comment, and submit a
detailed changed proposal to the HTMLWG to convince the WG chairs that this
proposal is worth adopting, and then convince browser vendors to implement it.

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
Received on Friday, 4 March 2011 00:25:29 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 4 March 2011 00:25:32 GMT