Re: [ServiceWorker] HTTP authentication and proxy authentication hook (#119)

I'm fairly certain that both the Shared Worker and the Service Worker proposal by @jakearchibald won't really be something we can reliably/safely implement in Chrome, and would definitely be something the Chrome networking team would push back on for implementation in layering concerns. It's also fairly non-deterministic.

From the networking side, David and I are fairly supportive of the "Request in a [Shared/Service]Worker that would result in UI gets aborted" as the baseline, and then trying to iterate in a way that may allow some interaction iff the *Worker can deterministically control it, and the user agent can mediate it.

But to @annevk's point of allowing client auth to be controlled in the way HTTP auth is, that's also a bit of a non-starter on the grounds of privacy/security. We can't reveal anything about the certificates available (they're rife with PII and persistent identifiers that are potentially non-revocable) without some form of prior user mediation, and in a way that's at least quasi-understandable by users (read: "Do you want this website to know everything about you?" *isn't* that :-1: )

---
Reply to this email directly or view it on GitHub:
https://github.com/slightlyoff/ServiceWorker/issues/119#issuecomment-118327036

Received on Friday, 3 July 2015 11:46:10 UTC