Re: security requirements

On 10/20/06, Henrik Nordstrom <> wrote:
> fre 2006-10-20 klockan 14:12 -0400 skrev Robert Sayre:
> > HTTP security now takes place via forms, cookies, redirects, and
> > rubber bands.
> And to be honest mainly because web designers is not happy with how the

That is one reason. The ad-hoc stuff can be more secure than the
standard schemes, too.

> GUI (user-agents) presents the request for user credentials.

Also, there is no logout button. I plan to take care of both problems
for new schemes in Mozilla.

Message body not displayed on HTTP 401 status response

Need a markup widget to clear HTTP credentials

Obviously, there will need to be buy-in from *all* of the big browser
vendors to move toward a Web standard. Maybe the W3C activity will
have that. If not, I don't see the point. Mozilla Foundation likes
standards when they result in one Web, so I doubt they will be a
holdout :)


Robert Sayre

Received on Friday, 20 October 2006 22:12:44 UTC