- From: Tim <tim-research@sentinelchicken.org>
- Date: Thu, 6 Jan 2011 08:50:00 -0800
- To: public-webapps@w3.org
Hello, It occurred to me recently that the way in which the current draft XMLHttpRequest standard is written could be extended to allow for other forms of authentication at lower layers. In particular, it should be possible to allow for the use of pre-shared key authentication (RFC 4279) or for SRP/TLS based on the credentials provided in the open() method. For password-based systems in TLS, it should be a simple matter to just *allow* for such behavior, but not necessarily define it in detail. However, it does sort of open the door for more complex authentication schemes at lower layers, including certificate authentication and the like. Perhaps optional parameters of some sort would be needed to support this. What do you think? tim
Received on Thursday, 6 January 2011 18:12:44 UTC