spec/Overview.html 1.1641 2470 Remove the WWW-Authenticate 'HTML' schem from poot on 2008-11-27 (public-html-diffs@w3.org from November 2008)

From: poot <cvsmail@w3.org>
Date: Fri, 28 Nov 2008 05:54:53 +0900 (JST)
To: public-html-diffs@w3.org
Message-Id: <20081127205454.293FE2BBFA@toro.w3.mag.keio.ac.jp>
Remove the WWW-Authenticate 'HTML' scheme and replace it with
requirements on browsers to ignore unknown schemes. (whatwg r2470)

4.11 Interactive elements
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1641.html#interactive-elements
Fragment identifiers: If the absolute URL of the new resource is the same as the address of the active document of the browsing context being navigated, ignoring any <fragment> components of those URLs, and the new resource is to be fetched using HTTP GET or equivalent, then navigate to that fragment identifier and abort these steps.
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1641.html#navigate-fragid-step
broadcast formchange events
http://people.w3.org/mike/diffs/html5/spec/Overview.1.1641.html#broadcast-formchange-events

http://people.w3.org/mike/diffs/html5/spec/Overview.diff.html
http://dev.w3.org/cvsweb/html5/spec/Overview.html?r1=1.1640&r2=1.1641&f=h
http://html5.org/tools/web-apps-tracker?from=2469&to=2470

===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.1640
retrieving revision 1.1641
diff -u -d -r1.1640 -r1.1641
--- Overview.html 27 Nov 2008 02:20:11 -0000 1.1640
+++ Overview.html 27 Nov 2008 20:37:55 -0000 1.1641
@@ -509,8 +509,7 @@
        <li><a href=#multipart-form-data><span class=secno>4.10.15.4 </span>Multipart form data</a></li>
        <li><a href=#plain-text-form-data><span class=secno>4.10.15.5 </span>Plain text form data</a></ol></li>
      <li><a href=#resetting-a-form><span class=secno>4.10.16 </span>Resetting a form</a></li>
-     <li><a href=#event-dispatch><span class=secno>4.10.17 </span>Event dispatch</a></li>
-     <li><a href=#login-forms><span class=secno>4.10.18 </span>Login forms</a></ol></li>
+     <li><a href=#event-dispatch><span class=secno>4.10.17 </span>Event dispatch</a></ol></li>
    <li><a href=#interactive-elements><span class=secno>4.11 </span>Interactive elements</a>
     <ol>
      <li><a href=#the-details-element><span class=secno>4.11.1 </span>The <code>details</code> element</a></li>
@@ -23690,31 +23689,7 @@
    <a href=#tree-order>tree order</a>, <a href=#fire-a-simple-event>fire a simple event</a> named
    <var title="">event name</var> at the element.</li>
 
-  </ol><h4 id=login-forms><span class=secno>4.10.18 </span>Login forms</h4><p>A common use for forms is user authentication. To indicate that
-  an HTTP <a href=#url>URL</a> requires authentication through such a form
-  before use, the HTTP 401 response code with a <code title="">WWW-Authenticate</code> challenge "<code title="">HTML</code>" may be used.<p>For this authentication scheme, the framework defined in RFC2617
-  is used as follows. <a href=#references>[RFC2617]</a><pre><dfn id=bnf-formauth-challenge title=bnf-formauth-challenge>challenge</dfn> = "<code title="">HTML</code>" [ <a href=#bnf-formauth-form title=bnf-formauth-form>form</a> ]
-<dfn id=bnf-formauth-form title=bnf-formauth-form>form</dfn>      = "<code title="">form</code>" "<code title="">=</code>" <a href=#bnf-formauth-form-name title=bnf-formauth-form-name>form-name</a>
-<dfn id=bnf-formauth-form-name title=bnf-formauth-form-name>form-name</dfn> = quoted-string</pre><p>The <a href=#bnf-formauth-form title=bnf-formauth-form>form</a> parameter, if
-  present, indicates that the first <code><a href=#the-form-element>form</a></code> element in the
-  entity body whose <a href=#attr-form-name title=attr-form-name>name</a> is the
-  specified string, in <a href=#tree-order>tree order</a>, if any, is the login
-  form. If the parameter is omitted, then the first <code><a href=#the-form-element>form</a></code>
-  element in the entity body, in <a href=#tree-order>tree order</a>, if any, is
-  the login form.<p>There is no <code title="">credentials</code> production for this
-  scheme because the login information is to be sent as a normal form
-  submission and not using the <code title="">Authorization</code>
-  HTTP header.<p>This authentication scheme must only be used for entities whose
-  bodies contain HTML or XML with at least one <code><a href=#the-form-element>form</a></code>
-  element.<p class=note>Pages that include a login form but are not
-  protected by the login form (and for which a 401 response would
-  therefore be inappropriate) can have an "<code title="">HTML</code>"
-  challenge included in a <code title="">WWW-Authenticate</code>
-  header even though the response code is not 401. This allows user
-  agents to identify login forms on pages even when the user might not
-  want to log in.<p class=note>The lack of a <code title=bnf-formauth-realm>realm</code> parameter in the challenge
-  is an intentional violation of RFC2617 (it isn't clear how the realm
-  concept would apply in this context).<h3 id=interactive-elements><span class=secno>4.11 </span>Interactive elements</h3><h4 id=the-details-element><span class=secno>4.11.1 </span>The <dfn><code>details</code></dfn> element</h4><dl class=element><dt>Categories</dt>
+  </ol><h3 id=interactive-elements><span class=secno>4.11 </span>Interactive elements</h3><h4 id=the-details-element><span class=secno>4.11.1 </span>The <dfn><code>details</code></dfn> element</h4><dl class=element><dt>Categories</dt>
    <dd><a href=#flow-content-0>Flow content</a>.</dd>
    <dd><a href=#interactive-content-0>Interactive content</a>.</dd>
    <dt>Contexts in which this element may be used:</dt>
@@ -29902,6 +29877,21 @@
    
     <!-- XXX should we define 205 processing here? e.g. reset all forms? -->
 
+    <p>HTTP 401 responses that do not include a challenge recognised
+    by the user agent must be processed as if they had no challenge,
+    e.g. rendering the entity body as if the response had been 200
+    OK.</p>
+
+    <p>User agents may show the entity body of an HTTP 401 response
+    even when the response do include a recognised challenge, with the
+    option to login being included in a non-modal fashion, to enable
+    the information provided by the server to be used by the user
+    before authenticating. Similarly, user agents should allow the
+    user to authenticate (in a non-modal fashion) against
+    authentication challenges included in other responses such as HTTP
+    200 OK responses, effectively allowing resources to present HTTP
+    login forms without requiring their use.</p>
+
    </li>
 
    <li><p>Let <var title="">type</var> be <a href=#content-type-sniffing-0 title="Content-Type
Received on Thursday, 27 November 2008 20:55:32 UTC