- From: Tim <tim-research@sentinelchicken.org>
- Date: Thu, 3 Feb 2011 08:42:34 -0800
- To: public-webapps@w3.org
Anne, others, Do you have any opinions on this? There have recently been some good discussions around HTTP authentication on IETF mailing lists, and I think having some flexibility here would be useful in the long run. tim On Thu, Jan 06, 2011 at 08:50:00AM -0800, Tim wrote: > Hello, > > It occurred to me recently that the way in which the current draft > XMLHttpRequest standard is written could be extended to allow for > other forms of authentication at lower layers. In particular, it > should be possible to allow for the use of pre-shared key > authentication (RFC 4279) or for SRP/TLS based on the credentials > provided in the open() method. For password-based systems in TLS, > it should be a simple matter to just *allow* for such behavior, but > not necessarily define it in detail. > > However, it does sort of open the door for more complex authentication > schemes at lower layers, including certificate authentication and the > like. Perhaps optional parameters of some sort would be needed to > support this. > > What do you think? > tim
Received on Thursday, 3 February 2011 16:44:28 UTC