Re: interesting approach to authentication in JavaScript

On 08/31/2011 03:16 PM, Henry Story wrote:
>
> On 31 Aug 2011, at 12:35, Dan Brickley wrote:
>
>> On 29 August 2011 10:13, Dominik Tomaszuk <ddooss@wp.pl> wrote:
>>> Hi all,
>>>
>>> It might be interesting:
>>> http://html5.creation.net/webcrypto-api/
>>
>> Meanwhile, http://www.matasano.com/articles/javascript-cryptography/
>> has some criticism of browser-based .js crypto...
>
> Thanks for the link. I was expecting some criticism of this type to surface sooner or later.
>
> I have argued on the identity group that one thing that could be very useful would be client-side logout JavaScript APIs to standardise what Firefox and Internet Explorer are doing. That would be secure and simple to implement.

Wouldn't it be simpler to let each service manage the login/logout 
process? As far as I can tell, once you finish the initial verification 
(when you ask for the browser certificate) you can save the result into 
a session and leave the rest to the service. Otherwise you'd have to 
repeat the same process for each HTML request, which is what currently
happens, forcing us to click that "remember my choice" checkbox.

Andrei

> Henry
>
>
>>
>> Dan
>>
>
> Social Web Architect
> http://bblfish.net/
>
>

Received on Wednesday, 31 August 2011 13:24:18 UTC
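
The service-managed session described in the reply above, sketched as an added example (not code from the thread or from any project it mentions). It assumes the TLS layer has already verified the client certificate once; the function names, the in-memory store and the 15-minute lifetime are hypothetical.

```javascript
// Added example: verify the client certificate once, then rely on a
// server-side session so later requests need no certificate prompt.
const crypto = require('node:crypto');

const SESSION_TTL_MS = 15 * 60 * 1000; // assumed idle lifetime
const sessions = new Map();            // sessionId -> { fingerprint, expires }

// Called once, after the TLS layer has verified the certificate.
// certDer: Buffer with the DER bytes of the certificate the browser presented.
function login(certDer, now = Date.now()) {
  const fingerprint = crypto.createHash('sha256').update(certDer).digest('hex');
  const id = crypto.randomBytes(32).toString('hex'); // unguessable session id
  sessions.set(id, { fingerprint, expires: now + SESSION_TTL_MS });
  return id; // would be sent to the browser as a Secure, HttpOnly cookie
}

// Called on every later request: a session lookup only.
// Returns the certificate fingerprint the session is bound to, or null.
function authenticate(id, now = Date.now()) {
  const s = typeof id === 'string' ? sessions.get(id) : undefined;
  if (!s) return null;
  if (now >= s.expires) { // expired sessions are dropped on first use
    sessions.delete(id);
    return null;
  }
  s.expires = now + SESSION_TTL_MS; // sliding expiry
  return s.fingerprint;
}

// Logout is a server-side delete, so the session id stops working at once.
// It ends this service's session only: the browser may still present the
// same certificate on its next TLS handshake with the server.
function logout(id) {
  return sessions.delete(id);
}

// Constructed sample input: placeholder bytes standing in for a certificate.
function demo() {
  const cert = Buffer.from('constructed-sample-certificate-bytes');
  const id = login(cert);
  const before = authenticate(id) !== null; // true while the session lives
  logout(id);
  const after = authenticate(id) !== null;  // false after logout
  return { before, after };
}

console.log(demo());
```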