W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2011

[XHR] open method extension for TLS authentication

From: Tim <tim-research@sentinelchicken.org>
Date: Thu, 6 Jan 2011 08:50:00 -0800
To: public-webapps@w3.org
Message-ID: <20110106165000.GV6792@sentinelchicken.org>
Hello,

It occurred to me recently that the way in which the current draft
XMLHttpRequest standard is written could be extended to allow for
other forms of authentication at lower layers.  In particular, it
should be possible to allow for the use of pre-shared key
authentication (RFC 4279) or for SRP/TLS based on the credentials
provided in the open() method.  For password-based systems in TLS,
it should be a simple matter to just *allow* for such behavior, but
not necessarily define it in detail.

However, it does sort of open the door for more complex authentication
schemes at lower layers, including certificate authentication and the
like.  Perhaps optional parameters of some sort would be needed to
support this.

What do you think?
tim
Received on Thursday, 6 January 2011 18:12:44 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:42 GMT