- From: Robert Sayre <rsayre@mozilla.com>
- Date: Tue, 19 Jun 2007 01:14:56 +0000
- To: ietf-http-wg@w3.org
Henrik Nordstrom wrote: > Yes, and is what has been proposed several times, in several threads on > the topic.. but no detailed proposal written down yet. > > I would very much welcome a proposal from some browser vendor on this. > It's mainly browser technology which needs updates to adopt a feature > like this, on the server side it's most often just reconfiguration or at > worst trivial changes depending on the fine details of the proposed > extension and nature of the server implementation of 401 responses. I don't think it's worth implementing something like that for Basic or Digest, given the known weaknesses they have. To make this effective, the UI will still need to be "chrome" (trusted UI from the browser), but allow some presentation control as well. Personally, I'm not comfortable giving users security cues of that sort with the existing schemes, so I think an authentication scheme that satisfies most of the requirements in the Hartman draft is a prerequisite. The technical details of the 401 response won't be too difficult, but figuring out the right level of presentation control for site authors will probably require a good deal of research and experimentation. - Rob
Received on Tuesday, 19 June 2007 07:31:15 UTC