RE: Tying "form-filler support" to HTTP authentication

I think this could form a good base from which to grow stronger mutual
authentication, but it would have to be built to be trustworthy. I am
curious, what has been the take-up of people, what percentage/number of
people actually use these agents today? Is it a large and growing number? If
only a small percentage use them, then they are a less attractive candidate.

-----Original Message-----
From: public-usable-authentication-request@w3.org
[mailto:public-usable-authentication-request@w3.org] On Behalf Of Thomas
Roessler
Sent: Wednesday, May 24, 2006 5:57 AM
To: public-usable-authentication@w3.org
Subject: Tying "form-filler support" to HTTP authentication


What we called "form-filler support" in New York essentially
boils down to enabling user agents to reliably recognize form
fields that are used to enter credentials.  Having additional
markup for authentication-related forms (or microformat-like
annotations) would serve two main use cases:

- User agents can reliably manage passwords (and, possibly,
  other credentials).

- User agents can grab the content of these fields and not
  submit it through HTTP POST, but use it as credentials for
  whatever HTTP authentication mechanism is to be used.

(Each of these would need slightly different semantics in terms
of mark-up.)

Additionally (and essentially "for free"), user agents could
use this mark-up to trigger whatever additional user interface
mechanisms and rituals they might come up with.

I'd very much welcome feed-back about this general approach as
a scope for one particular direction of further work.

PS: I'm in Edinburgh at WWW 2006; if you want to talk about
this in person, feel free to drop me a line.

Regards,
-- 
Thomas Roessler, W3C   <tlr@w3.org>

Received on Wednesday, 24 May 2006 11:00:33 UTC