Re: Tying "form-filler support" to HTTP authentication from Mike Beltzner on 2006-05-24 (public-usable-authentication@w3.org from May 2006)

From: Mike Beltzner <beltzner@mozilla.com>
Date: Wed May 24 14:18:38 2006
To: public-usable-authentication@w3.org
Message-ID: <1700680313-1148480312-cardhu_blackberry.rim.net-17292-@engine27-cell02>

We don't have any hard metrics on this, although extensions like RoboForm seem quite popular, and anecdotally, I've seen Password Manager get quite a lot of use, more from casual (who have it remember all their passwords) than advanced (who tend to use it to remember passwords they don't care about).

For Firefox 2 we hope to have the facility to get a better sense of where users are spending their time in the browser, and have better data then. 

cheers,
mike 
-----Original Message-----
From: "Dan Schutzer" <dan.schutzer@fstc.org>
Date: Wed, 24 May 2006 06:53:30 
To:"'Thomas Roessler'" <tlr@w3.org>, <public-usable-authentication@w3.org>
Subject: RE: Tying "form-filler support" to HTTP authentication

I think this could form a good base from which to grow stronger mutual
authentication, but it would have to be built to be trustworthy. I am
curious, what has been the take-up of people, what percentage/number of
people actually use these agents today? Is it a large and growing number? If
only a small percentage use them, then they are a less attractive candidate.

-----Original Message-----
From: public-usable-authentication-request@w3.org
[mailto:public-usable-authentication-request@w3.org] On Behalf Of Thomas
Roessler
Sent: Wednesday, May 24, 2006 5:57 AM
To: public-usable-authentication@w3.org
Subject: Tying "form-filler support" to HTTP authentication

What we called "form-filler support" in New York essentially
boils down to enabling user agents to reliably recognize form
fields that are used to enter credentials.  Having additional
markup for authentication-related forms (or microformat-like
annotations) would serve two main use cases:

- User agents can reliably manage passwords (and, possibly,
  other credentials).

- User agents can grab the content of these fields and not
  submit it through HTTP POST, but use it as credentials for
  whatever HTTP authentication mechanism is to be used.

(Each of these would need slightly different semantics in terms
of mark-up.)

Additionally (and essentially "for free"), user agents could
use this mark-up to trigger whatever additional user interface
mechanisms and rituals they might come up with.

I'd very much welcome feed-back about this general approach as
a scope for one particular direction of further work.

PS: I'm in Edinburgh at WWW 2006; if you want to talk about
this in person, feel free to drop me a line.

Regards,
-- 
Thomas Roessler, W3C   <tlr@w3.org>

Received on Wednesday, 24 May 2006 14:18:38 UTC