W3C home > Mailing lists > Public > public-webapi@w3.org > April 2006

Issue: Authentication Credentials

From: Mark Nottingham <mnot@yahoo-inc.com>
Date: Fri, 21 Apr 2006 09:33:28 -0700
Message-Id: <736A423E-A3F6-4827-86C2-AA01A0B7848B@yahoo-inc.com>
To: "Web APIs WG (public)" <public-webapi@w3.org>

[ from the big comment e-mail; raising as a separate issue, as  
requested ]

If the browser is already sending credentials for a particular  
protection space (to use RFC2617 terminology), XHR SHOULD send them  
when accessing resources in the same space. It'll need to define  
precedence between these and those explicitly used in a call (which  
would override, I presume).

In other words, if I'm already logged into a site, XHR should reuse  
my credentials, rather than ask me for them again.

--
Mark Nottingham
mnot@yahoo-inc.com
Received on Friday, 21 April 2006 16:34:23 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:54 GMT