- From: Peter Williams <home_pw@msn.com>
- Date: Fri, 2 Dec 2011 08:29:20 -0800
- To: "public-xg-webid@w3.org" <public-xg-webid@w3.org>
- Message-ID: <SNT143-W61B9E772582293E83FBE5892B60@phx.gbl>
I suggest experimenting with a technique related to webid on the FCNS test site. It can be that project's first foray of working with the 50% of the browser population that (consistently) uses IE. This community seems very much under-represented, in this W3C community. When a user uses a webapp's logout button (webid style logout, that is), consider -- when IE is detected to be the browser -- sending the javascript mentioned in the link, below: http://yorkporc.wordpress.com/2011/11/30/clearing-ie-ssl-state-setting-ctls-on-websites-using-one-one-iis-mapping/ one can can test what happens when, then, should one log back into the same FCNS site using the SAME BROWSER tab, *if* one is prompted for to pick an identity credential (client cert). I assume the test user has multiple such credentials - and that 2 or more do indeed satisfy whatever constraints the server sends in the SSL handshake, if any.) I have not tried the technique using the javascript ; having only found the result useful when manually inviting the user to do manually that which the technique achieves when using UI (File->New Session). Logically, a user MAY wish to select a different identity credential, or have parallel sessions on a website. There are several usability issues here, once you start experimenting in practice. But, we should make a start, with IE, so the webid logout (SSL session destruction) is induced by the FCNS test site for a least 50% of the UA population. Note this webid logout does not do a SSL close; it merely creates the conditions to induce *conforming* SSL handshaking for (safe) SSL connection closing(s).
Received on Friday, 2 December 2011 16:29:48 UTC