Re: Authentication over HTTP

On Jul 17, 2013, at 9:33 AM, David Morris <dwm@xpasc.com> wrote:

> On Wed, 17 Jul 2013, Amos Jeffries wrote:
> 
>> 
>> What am I missing?
> 
> How about the user experience sucks because the authentication doesn't fit
> into the style/face of the application and doesn't provide sufficient user
> context for the prompts generated by the auth mechanism so the
> application owners design and implement their own approach? Oh, and no
> logout mechanism to cancel browser caching of credentials?

There is at least one attempt to address the user experience issue, by having an unauthenticated as well as an authenticated version of the page (presumably with the unauthenticated version pointing you at the credential entry box that is located in the chrome of the browser).

There's even a modified browser to demonstrate this:

https://www.rcis.aist.go.jp/special/MutualAuth/index-en.html

Yoav (who is in no way affiliated with this site, but is the chair of http-auth where their draft is discussed)

Received on Wednesday, 17 July 2013 07:02:12 UTC