W3C home > Mailing lists > Public > public-xg-webid@w3.org > August 2011

Re: interesting approach to authentication in JavaScript

From: Andrei Sambra <andrei@fcns.eu>
Date: Wed, 31 Aug 2011 15:23:15 +0200
Message-ID: <4E5E35C3.6090702@fcns.eu>
To: public-xg-webid@w3.org


On 08/31/2011 03:16 PM, Henry Story wrote:
>
> On 31 Aug 2011, at 12:35, Dan Brickley wrote:
>
>> On 29 August 2011 10:13, Dominik Tomaszuk<ddooss@wp.pl>  wrote:
>>> Hi all,
>>>
>>> It might be interesting:
>>> http://html5.creation.net/webcrypto-api/
>>
>> Meanwhile, http://www.matasano.com/articles/javascript-cryptography/
>> has some criticism of browser-based .js crypto...
>
> Thanks for the link. I was expecting some criticism of this type to surface sooner or later.
>
> I have argued on the identity group that one thing that could be very useful would be client side logout javascript apis to standardise what Firefox and Internet Explorer are doing. That would be secure and simple to implement.

Wouldn't it be simpler to let each service manage the login/logout 
process? As far as I can tell, once you finish the initial verification 
(when you ask for the browser certificate) you can save the result into 
a session and leave the rest to the service. Otherwise you'd have to 
repeat the same process for each html request, which is what currently 
happens, forcing us to click that "remember my choice" checkbox.

Andrei

> Henry
>
>
>>
>> Dan
>>
>
> Social Web Architect
> http://bblfish.net/
>
>
Received on Wednesday, 31 August 2011 13:24:18 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 31 August 2011 13:24:18 GMT