W3C home > Mailing lists > Public > whatwg@whatwg.org > November 2008

[whatwg] Solving the login/logout problem in HTML

From: Ian Hickson <ian@hixie.ch>
Date: Tue, 25 Nov 2008 22:35:52 +0000 (UTC)
Message-ID: <Pine.LNX.4.62.0811252233030.17401@hixie.dreamhostps.com>
On Tue, 25 Nov 2008, Julian Reschke wrote:
> 
> I was hoping that the authentication scheme you're defining can be used 
> without parsing the HTML response.
> 
> A simple way to achieve it would be to restrict it to username/password 
> pairs, and to have the names of these form parameters live in the 
> response headers as well.

We would have to, at a minimum, include the name of the username field, 
the name of the password field, and the URL of the form to POST to. I am 
very wary of duplicating information that is already available as it tends 
to become out of date and thus ends up being even more of a pain than if 
the information isn't there in the first place.


> > > OK, so how do you tell a mount command that your credentials are 
> > > more complex than username/password?
> > 
> > How do you tell a mount command that your credentials are a 
> > certificate?
> 
> If your credentials are a cert, why would you use form-base logon? (I 
> admit I'm not an expert on these issue, so please by patient with me).

My point was not that a form might use cert authentication, but that 
whatever mechanism is available today for logging in with authentication 
schemes other than username/password would be the same ones one would 
continue to use to login to systems with authentication schemes other than 
username/password.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Tuesday, 25 November 2008 14:35:52 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:07 UTC