W3C home > Mailing lists > Public > public-xg-webid@w3.org > September 2011

WebID-ISSUE-58 (logout): Login/Logout behavior [User Interface/Browsers]

From: WebID Incubator Group Issue Tracker <sysbot+tracker@w3.org>
Date: Thu, 15 Sep 2011 08:36:26 +0000
To: public-xg-webid@w3.org
Message-Id: <E1R47Qo-000341-Vp@stu.w3.org>

WebID-ISSUE-58 (logout): Login/Logout behavior [User Interface/Browsers]

http://www.w3.org/2005/Incubator/webid/track/issues/58

Raised by: Henry Story
On product: User Interface/Browsers

The WebID protocol relies on TLS. There are a number of issues relating to logging in and logging out of TLS that could be improved, at the HTTP, TLS or browser level. We need to gather all the knowledge accumulated on this topic into one document for the final report.

Some logout issues:
  - logout using TLS exceptions is not implemented in any browser
  - a javascript api works but only for IE and Firefox
  - HTTP logout headers could be developed to move this behaviour to the HTTP layer
  - most browsers don't show the users' identity in the browser (that would allow the user to logout)

Login issues:
   for a site that is fully behind https one does not want the (human) user to come to a site and be asked for a TLS certificate before he even sees the site. A human user should be redirected to a site explaining why his identity is requested. But a robot arguably should be asked for his certificate immediately. There are a number of solutions to this, they should be described.
Received on Thursday, 15 September 2011 08:36:28 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 15 September 2011 08:36:28 GMT