spec/Overview.html 1.1604 2432 Define a way to expose HTTP login forms from poot on 2008-11-25 (public-html-diffs@w3.org from November 2008)

From: poot <cvsmail@w3.org>
Date: Tue, 25 Nov 2008 14:28:47 +0900 (JST)
To: public-html-diffs@w3.org
Message-Id: <20081125052847.AF6D72BC23@toro.w3.mag.keio.ac.jp>
Define a way to expose HTTP login forms to spiders in 401 (or even 200)
responses. (whatwg r2432)

challenge
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1604.html#bnf-formauth-challenge
4.11 Interactive elements
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1604.html#interactive-elements
Status of this document
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1604.html#status-of-this-document
form
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1604.html#bnf-formauth-form
form-name
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1604.html#bnf-formauth-form-name
A vocabulary and associated APIs for HTML and XHTML
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1604.html#a-vocabulary-and-associated-apis-for-html-and-xhtml
4.10.18 Login forms
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1604.html#login-forms
broadcast formchange events
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1604.html#broadcast-formchange-events
Editor's Draft 25 November 2008
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1604.html#editor-s-draft-date-zzz-9-june-2008

http://people.w3.org/mike/diffs/html5/spec/Overview.diff.html
http://dev.w3.org/cvsweb/html5/spec/Overview.html?r1=1.1603&r2=1.1604&f=h
http://html5.org/tools/web-apps-tracker?from=2431&to=2432

===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.1603
retrieving revision 1.1604
diff -u -d -r1.1603 -r1.1604
--- Overview.html 24 Nov 2008 22:40:33 -0000 1.1603
+++ Overview.html 25 Nov 2008 05:26:04 -0000 1.1604
@@ -8,7 +8,7 @@
    <p><a href=http://www.w3.org/><img alt=W3C height=48 src=http://www.w3.org/Icons/w3c_home width=72></a></p>
    <h1>HTML 5</h1>
    <h2 class="no-num no-toc" id=a-vocabulary-and-associated-apis-for-html-and-xhtml>A vocabulary and associated APIs for HTML and XHTML</h2>
-   <h2 class="no-num no-toc" id=editor-s-draft-date-zzz-9-june-2008><!-- "W3C Working Draft" --> Editor's Draft <!--ZZZ-->24 November 2008</h2>
+   <h2 class="no-num no-toc" id=editor-s-draft-date-zzz-9-june-2008><!-- "W3C Working Draft" --> Editor's Draft <!--ZZZ-->25 November 2008</h2>
    <dl><!-- ZZZ: update the month/day
     <dt>This Version:</dt>
     <dd><a href="http://www.w3.org/TR/2008/WD-html5-20080610/">http://www.w3.org/TR/2008/WD-html5-20080610/</a></dd>
@@ -97,7 +97,7 @@
   specification's progress along the W3C Recommendation
   track.
   <!--ZZZ:-->
-  This specification is the 24 November 2008 <!--ZZZ "Working Draft"-->Editor's Draft.
+  This specification is the 25 November 2008 <!--ZZZ "Working Draft"-->Editor's Draft.
   <!--:ZZZ-->
   </p><!-- UNDER NO CIRCUMSTANCES IS THE PRECEDING PARAGRAPH TO BE REMOVED OR EDITED WITHOUT TALKING TO IAN FIRST --><!-- relationship to other work (required) --><p>This specification is also being produced by the <a href=http://www.whatwg.org/>WHATWG</a>. The two specifications are
   identical from the table of contents onwards.</p><!-- UNDER NO CIRCUMSTANCES IS THE FOLLOWING PARAGRAPH TO BE REMOVED OR EDITED WITHOUT TALKING TO IAN FIRST --><!-- UNDER NO CIRCUMSTANCES IS THE PRECEDING PARAGRAPH TO BE REMOVED OR EDITED WITHOUT TALKING TO IAN FIRST --><!-- context and rationale (required) --><p>This specification is intended to replace (be a new version of)
@@ -506,7 +506,8 @@
        <li><a href=#multipart-form-data><span class=secno>4.10.15.4 </span>Multipart form data</a></li>
        <li><a href=#plain-text-form-data><span class=secno>4.10.15.5 </span>Plain text form data</a></ol></li>
      <li><a href=#resetting-a-form><span class=secno>4.10.16 </span>Resetting a form</a></li>
-     <li><a href=#event-dispatch><span class=secno>4.10.17 </span>Event dispatch</a></ol></li>
+     <li><a href=#event-dispatch><span class=secno>4.10.17 </span>Event dispatch</a></li>
+     <li><a href=#login-forms><span class=secno>4.10.18 </span>Login forms</a></ol></li>
    <li><a href=#interactive-elements><span class=secno>4.11 </span>Interactive elements</a>
     <ol>
      <li><a href=#the-details-element><span class=secno>4.11.1 </span>The <code>details</code> element</a></li>
@@ -23517,7 +23518,29 @@
    <a href=#tree-order>tree order</a>, <a href=#fire-a-simple-event>fire a simple event</a> named
    <var title="">event name</var> at the element.</li>
 
-  </ol><h3 id=interactive-elements><span class=secno>4.11 </span>Interactive elements</h3><h4 id=the-details-element><span class=secno>4.11.1 </span>The <dfn><code>details</code></dfn> element</h4><dl class=element><dt>Categories</dt>
+  </ol><h4 id=login-forms><span class=secno>4.10.18 </span>Login forms</h4><p>A common use for forms is user authentication. To indicate that
+  an HTTP <a href=#url>URL</a> requires authentication through such a form
+  before use, the HTTP 401 response code with a <code title="">WWW-Authenticate</code> challenge "<code title="">HTML</code>" may be used.<p>For this authentication scheme, the framework defined in RFC2617
+  is used as follows. <a href=#references>[RFC2617]</a><pre><dfn id=bnf-formauth-challenge title=bnf-formauth-challenge>challenge</dfn> = "<code title="">HTML</code>" [ <a href=#bnf-formauth-form title=bnf-formauth-form>form</a> ]
+<dfn id=bnf-formauth-form title=bnf-formauth-form>form</dfn>      = "<code title="">form</code>" "<code title="">=</code>" <a href=#bnf-formauth-form-name title=bnf-formauth-form-name>form-name</a>
+<dfn id=bnf-formauth-form-name title=bnf-formauth-form-name>form-name</dfn> = quoted-string</pre><p>The <a href=#bnf-formauth-form title=bnf-formauth-form>form</a> parameter, if
+  present, indicates that the first <code><a href=#the-form-element>form</a></code> element in the
+  entity body whose <a href=#attr-form-name title=attr-form-name>name</a> is the
+  specified string, in <a href=#tree-order>tree order</a>, if any, is the login
+  form. If the parameter is omitted, then the first <code><a href=#the-form-element>form</a></code>
+  element in the entity body, in <a href=#tree-order>tree order</a>, if any, is
+  the login form.<p>There is no <code title="">credentials</code> production for this
+  scheme because the login information is to be sent as a normal form
+  submission and not using the <code title="">Authorization</code>
+  HTTP header.<p>This authentication scheme must only be used for entities whose
+  bodies contain HTML or XML with at least one <code><a href=#the-form-element>form</a></code>
+  element.<p class=note>Pages that include a login form but are not
+  protected by the login form (and for which a 401 response would
+  therefore be inappropriate) can have an "<code title="">HTML</code>"
+  challenge included in a <code title="">WWW-Authenticate</code>
+  header even though the response code is not 401. This allows user
+  agents to identify login forms on pages even when the user might not
+  want to log in.<h3 id=interactive-elements><span class=secno>4.11 </span>Interactive elements</h3><h4 id=the-details-element><span class=secno>4.11.1 </span>The <dfn><code>details</code></dfn> element</h4><dl class=element><dt>Categories</dt>
    <dd><a href=#flow-content-0>Flow content</a>.</dd>
    <dd><a href=#interactive-content-0>Interactive content</a>.</dd>
    <dt>Contexts in which this element may be used:</dt>
Received on Tuesday, 25 November 2008 05:29:25 UTC