W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2011

Re: [XHR] open method extension for TLS authentication

From: Tim <tim-research@sentinelchicken.org>
Date: Thu, 3 Feb 2011 08:42:34 -0800
To: public-webapps@w3.org
Message-ID: <20110203164234.GW2121@sentinelchicken.org>
Anne, others,

Do you have any opinions on this?

There have recently been some good discussions around HTTP
authentication on IETF mailing lists, and I think having some
flexibility here would be useful in the long run.

tim



On Thu, Jan 06, 2011 at 08:50:00AM -0800, Tim wrote:
> Hello,
> 
> It occurred to me recently that the way in which the current draft
> XMLHttpRequest standard is written could be extended to allow for
> other forms of authentication at lower layers.  In particular, it
> should be possible to allow for the use of pre-shared key
> authentication (RFC 4279) or for SRP/TLS based on the credentials
> provided in the open() method.  For password-based systems in TLS,
> it should be a simple matter to just *allow* for such behavior, but
> not necessarily define it in detail.
> 
> However, it does sort of open the door for more complex authentication
> schemes at lower layers, including certificate authentication and the
> like.  Perhaps optional parameters of some sort would be needed to
> support this.
> 
> What do you think?
> tim
Received on Thursday, 3 February 2011 16:44:28 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:43 GMT