- From: Henry Story <henry.story@bblfish.net>
- Date: Fri, 4 Nov 2011 10:23:06 +0100
- To: Brian Smith <bsmith@mozilla.com>
- Cc: public-identity@w3.org, Harry Halpin <hhalpin@w3.org>
On 4 Nov 2011, at 00:37, Brian Smith wrote:
> Henry Story wrote:
>> "API access to control of SSL/TLS logout, "
>>
>> +1 on that one. Thanks for adding it.
>
> Actually, I disagree that this is the proper place for this to be standardized, since there are also non-TLS scenerios where no crypto is used but where a logout mechanism is needed (e.g. for HTTP basic auth).
Logout in TLS can be done already in Firefox and IE, with the following JavaScript
function logout(elem) {
if (document.all == null) {
if (window.crypto) {
try{
window.crypto.logout();
return false; //firefox ok -- no need to follow the link
} catch (err) {//Safari, Opera, Chrome -- try with tis session breaking
}
} else { //also try with session breaking
}
} else { // MSIE 6+
document.execCommand('ClearAuthenticationCache');
return false;
};
return true
}
http://www.w3.org/wiki/Foaf%2Bssl/HOWTO
I suggest that the group take it on, and either specify it or help find the group that will specify it so that it can work on all browsers.
>
> I would prefer for the working group to focus on the crypto API.
>
> - Brian
Social Web Architect
http://bblfish.net/
Received on Friday, 4 November 2011 09:23:37 UTC