Re: HTTPS Client Certificate Authentication - Browser Implementation Guidelines

On 05/18/2014 05:41 AM, Melvin Carvalho wrote:
>
>
>
> On 18 May 2014 10:01, Anders Rundgren <anders.rundgren.net@gmail.com 
> <mailto:anders.rundgren.net@gmail.com>> wrote:
>
>     If the WebID folks including TimBL believe that the only problem
>     is the UI, 
>
>
> Has anyone stated this?
>
>     the most
>     logical thing to do would be creating a document like the subject
>     line suggests.
>
>
> +1

My sense is vendors (in any market) are far, far more likely to adopt a 
recommendation they are part of creating.  So I think the odds of 
success would be much higher if one could get the major browser vendors 
to participate.

This sounds like a new CG, because you'd want to include the people who 
don't know or care about WebID.

        -- Sandro

>
>     There is a risk that the vendors will simply laugh at such a
>     request,  but that's much
>     better than promising improvements that so far haven't even been
>     acknowledged by
>     those who are supposed to implement them.
>
>     I would personally be very interested in hearing what the "right"
>     session inactivity
>     timeout for logout is.  Client-side enforced logout requires TCP
>     reset.
>
>     Anders
>
>

Received on Sunday, 18 May 2014 13:55:52 UTC