Re: Web Cryptography Working Group scoping progressing...

On 4 Nov 2011, at 00:37, Brian Smith wrote:

> Henry Story wrote:
>> "API access to control of SSL/TLS logout, "
>> 
>> +1 on that one. Thanks for adding it.
> 
> Actually, I disagree that this is the proper place for this to be standardized, since there are also non-TLS scenerios where no crypto is used but where a logout mechanism is needed (e.g. for HTTP basic auth).

Logout in TLS can be done already in Firefox and IE, with the following JavaScript


function logout(elem) {
   if (document.all == null) {
      if (window.crypto) {
          try{
              window.crypto.logout();
              return false; //firefox ok -- no need to follow the link
          } catch (err) {//Safari, Opera, Chrome -- try with tis session breaking
          }
      } else { //also try with session breaking
      }
   } else { // MSIE 6+
      document.execCommand('ClearAuthenticationCache');
      return false;
   };
   return true
}

http://www.w3.org/wiki/Foaf%2Bssl/HOWTO

I suggest that the group take it on, and either specify it or help find the group that will specify it so that it can work on all browsers.

> 
> I would prefer for the working group to focus on the crypto API.
> 
> - Brian

Social Web Architect
http://bblfish.net/

Received on Friday, 4 November 2011 09:23:37 UTC