- From: Yngve Nysaeter Pettersen <yngve@opera.com>
- Date: Mon, 25 Jun 2007 16:55:03 +0200
- To: "Mary Ellen Zurko" <Mary_Ellen_Zurko@notesdev.ibm.com>, public-wsc-wg@w3.org
On Mon, 25 Jun 2007 15:17:29 +0200, Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com> wrote:

> What do we have in our set of proposals that addresses trust decisions
> posed by Basic Authentication? The realm information (within the modal
> dialog in the browser I use) is set by the web site. The browser I use
> puts the domain in the title bar. When I have the resolution on my
> display cranked down to increase the size of everything (something I do
> more and more these days), the most pertinent part of the domain is
> truncated from the right hand side of the dialog's title display. I very
> much want to know that the domain ends in "ibm.com" when I think I'm
> typing in my IBM password. What, if anything, do we have in our
> proposals that addresses this?

I don't recall having seen anything about this, at least major discussion.

I think a discussion of this should not be limited to Basic, but should include the other methods, such as Digest and NTLM/Negotiate, as well.

Opera displays the servername as a field inside the dialog, as well as the realm, which is presented as a message from the server.

We are currently considering what we display in this dialog and how it is displayed, from both a usability and a security point of view. Parts of what is being considered are:

- How to present the security of the credential transmission
- How to present the identity (at least the hostname) of who is asking for the credentials in a usable manner. This is a problem that is not restricted to authentication, but extends to such areas as the display of the URL in address bar and determining if two servers are allowed to share cookies. See references below for some discussion and background on that.

http://my.opera.com/yngve/blog/show.dml/267415
http://weblogs.mozillazine.org/gerv/archives/2007/01/effective_tld_list_help_wanted.html
http://wiki.mozilla.org/Gecko:Effective_TLD_Service

--
Sincerely,
Yngve N. Pettersen

********************************************************************
Senior Developer                     Email: yngve@opera.com
Opera Software ASA                   http://www.opera.com/
Phone:  +47 24 16 42 60              Fax:    +47 24 16 40 01
********************************************************************
Received on Monday, 25 June 2007 14:54:32 UTC
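
Added example, not part of the original message and not Opera's or Mozilla's code: one way a credential dialog could shorten a long host name from the left, so that the registrable domain asked about in the quoted question is never the part that gets cut. The suffix set is a tiny constructed stand-in for an effective-TLD list, and the function names and sample host are hypothetical.

```javascript
// Constructed, tiny stand-in for an effective-TLD (public suffix) list.
const SAMPLE_SUFFIXES = new Set(["com", "org", "co.uk"]);

function normalizeHost(host) {
  return host.trim().toLowerCase().replace(/\.$/, "");
}

// Longest matching suffix plus one label to its left, e.g. "ibm.com".
// Returns null when the host is itself a suffix; IP literals come back whole.
function registrableDomain(host, suffixes = SAMPLE_SUFFIXES) {
  const h = normalizeHost(host);
  if (/^[0-9.]+$/.test(h) || h.includes(":")) return h;
  const labels = h.split(".");
  for (let i = 0; i < labels.length; i++) {
    // i = 0 tests the longest candidate first, so "co.uk" wins over "uk".
    if (suffixes.has(labels.slice(i).join("."))) {
      return i === 0 ? null : labels.slice(i - 1).join(".");
    }
  }
  // Assumption: for a suffix not in the list, keep the last two labels.
  return labels.slice(-2).join(".");
}

// The behaviour described in the quoted message: the right-hand end is lost.
function truncateRight(host, maxChars) {
  const h = normalizeHost(host);
  return h.length <= maxChars ? h : h.slice(0, maxChars - 1) + "\u2026";
}

// Elide on the left instead. If the width is too small for the registrable
// domain, overflow the width rather than cut into the domain.
function fitHost(host, maxChars) {
  const h = normalizeHost(host);
  if (h.length <= maxChars) return h;
  const keep = registrableDomain(h) || h;
  if (keep === h) return h; // nothing that is safe to drop
  const tailLen = Math.max(maxChars - 1, keep.length + 1); // +1 keeps the dot
  return "\u2026" + h.slice(-tailLen);
}

const SAMPLE_HOST = "mail.intranet.notesdev.ibm.com"; // constructed host name
console.log(truncateRight(SAMPLE_HOST, 16)); // domain end is hidden
console.log(fitHost(SAMPLE_HOST, 16));       // domain end stays visible
```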