W3C home > Mailing lists > Public > public-identity@w3.org > November 2011

Re: Web Cryptography Working Group scoping progressing...

From: Henry Story <henry.story@bblfish.net>
Date: Fri, 4 Nov 2011 10:23:06 +0100
Cc: public-identity@w3.org, Harry Halpin <hhalpin@w3.org>
Message-Id: <A4E73965-774C-40EA-ADAB-A09E06B10609@bblfish.net>
To: Brian Smith <bsmith@mozilla.com>

On 4 Nov 2011, at 00:37, Brian Smith wrote:

> Henry Story wrote:
>> "API access to control of SSL/TLS logout, "
>> 
>> +1 on that one. Thanks for adding it.
> 
> Actually, I disagree that this is the proper place for this to be standardized, since there are also non-TLS scenerios where no crypto is used but where a logout mechanism is needed (e.g. for HTTP basic auth).

Logout in TLS can be done already in Firefox and IE, with the following JavaScript


function logout(elem) {
   if (document.all == null) {
      if (window.crypto) {
          try{
              window.crypto.logout();
              return false; //firefox ok -- no need to follow the link
          } catch (err) {//Safari, Opera, Chrome -- try with tis session breaking
          }
      } else { //also try with session breaking
      }
   } else { // MSIE 6+
      document.execCommand('ClearAuthenticationCache');
      return false;
   };
   return true
}

http://www.w3.org/wiki/Foaf%2Bssl/HOWTO

I suggest that the group take it on, and either specify it or help find the group that will specify it so that it can work on all browsers.

> 
> I would prefer for the working group to focus on the crypto API.
> 
> - Brian

Social Web Architect
http://bblfish.net/
Received on Friday, 4 November 2011 09:23:37 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 4 November 2011 09:23:37 GMT