- From: Nathan Rixham <nathan@webr3.org>
- Date: Wed, 1 Jun 2016 10:30:39 +0100
- To: Chaals McCathie Nevile <chaals@yandex-team.ru>
- Cc: "www-tag@w3.org" <www-tag@w3.org>
- Message-ID: <CANiy74ybuk8+zVYJGxd-XPaxbJN-H46m3OTJ_de3fvY7BYxwmQ@mail.gmail.com>
How to do auth on web? Honest and serious question. WWW-Authenticate and Authorization provide basic (lol) and digest (mitm), so can't use them. Alternative? Public key authentication (usually implemented with a HTTPS / SSL client certificate) ... sounds good. How to request, provide, or manage/select a client certificate with browser? nothing specified or implemented, maybe use keygen to request? (deprecated in live browsers), maybe provide a certificate with application/x-x509-user-cert (deprecated in live browsers), manage/select? (nothing specified) keygen is specified and was implemented terribly, but where's the alternative. How to do auth on web? A question I certainly can't answer, can anybody here? On Mon, May 30, 2016 at 10:40 AM, Chaals McCathie Nevile < chaals@yandex-team.ru> wrote: > Hi folks, > > there is an open issue [1] and open call for consensus [2] to remove > keygen from HTML. Since the TAG, or its members, appear to have opinions > about our spec, we'd be grateful to hear them. > > cheers > > Chaals > > [1] https://github.com/w3c/html/issues/43 > [2] http://www.w3.org/mid/op.yhs220oos7agh9@widsith.local > > -- > Charles McCathie Nevile - web standards - CTO Office, Yandex > chaals@yandex-team.ru - - - Find more at http://yandex.com > >
Received on Wednesday, 1 June 2016 09:31:08 UTC