Re: [XHR] open method extension for TLS authentication

Anne, others,

Do you have any opinions on this?

There have recently been some good discussions around HTTP
authentication on IETF mailing lists, and I think having some
flexibility here would be useful in the long run.

tim



On Thu, Jan 06, 2011 at 08:50:00AM -0800, Tim wrote:
> Hello,
> 
> It occurred to me recently that the way in which the current draft
> XMLHttpRequest standard is written could be extended to allow for
> other forms of authentication at lower layers.  In particular, it
> should be possible to allow for the use of pre-shared key
> authentication (RFC 4279) or for SRP/TLS based on the credentials
> provided in the open() method.  For password-based systems in TLS,
> it should be a simple matter to just *allow* for such behavior, but
> not necessarily define it in detail.
> 
> However, it does sort of open the door for more complex authentication
> schemes at lower layers, including certificate authentication and the
> like.  Perhaps optional parameters of some sort would be needed to
> support this.
> 
> What do you think?
> tim

Received on Thursday, 3 February 2011 16:44:28 UTC