[XHR] open method extension for TLS authentication

Hello,

It occurred to me recently that the way in which the current draft
XMLHttpRequest standard is written could be extended to allow for
other forms of authentication at lower layers.  In particular, it
should be possible to allow for the use of pre-shared key
authentication (RFC 4279) or for SRP/TLS based on the credentials
provided in the open() method.  For password-based systems in TLS,
it should be a simple matter to just *allow* for such behavior, but
not necessarily define it in detail.

However, it does sort of open the door for more complex authentication
schemes at lower layers, including certificate authentication and the
like.  Perhaps optional parameters of some sort would be needed to
support this.

What do you think?
tim

Received on Thursday, 6 January 2011 18:12:44 UTC