Re: SSL Logout possibility in Javascript from Henry Story on 2011-07-27 (public-xg-webid@w3.org from July 2011)

From: Henry Story <henry.story@bblfish.net>
Date: Wed, 27 Jul 2011 18:15:08 +0200
To: "public-xg-webid@w3.org XG" <public-xg-webid@w3.org>, public-identity@w3.org, tls@ietf.org
Cc: "Yngve N. Pettersen" <yngve@opera.com>
Message-Id: <3BD3E194-FD9E-4BC8-B7A6-E291DA22A895@bblfish.net>

I have just played around with the javascript login/logout possibilities mentioned by Anders Rundgren. The javascript I am using is that the end. Note that I am using xhtml currently, so that may have its own side effects - i.e., perhaps things work better in plain html... I am trying to see if login also works with javascript. That would be very useful, because people can easily click on the cancel button of a certificate, and the browser then remembers that decision. So I am looking to see if one can then force a login again...

Here are some temporary conclusions with browsers I tried on OSX

Firefox 5.0.1

 - logout works
 - login works if clicking the cancel button. One has to go to a new web page though.

Safari 5.1

  - logout does not work with javascript
   (but Safari does recognise TLS error codes sent, so that those can be used to logout - I have not tested this version though)

Chrome 13.0.782.99

  - logout does not work and neither does login

Opera 11.50
 
  - login, logout: does not recognise the window.crypto object
 

So that is good news. I guess that means we have Internet Explorer and Firefox we can easily 
logout with. Being able to log-in again as with Firefox in case a mistake is made is also very helpful.
Are there some other tricks one can use perhaps?

//this is for xhtml
//these functions are described here http://html5.creation.net/webcrypto-api/
<script language="JavaScript" type="text/javascript">
 <![CDATA[
     function logout() {
     if (document.all == null) // FF, Opera, etc
        {      
           alert('logout in ff,opera...')
           if (window.crypto) window.crypto.logout();
           else alert('no window.crypto')
        }      
      else // MSIE 6+
        {      
           alert('logout in msie') 
           document.execCommand('ClearAuthenticationCache');
        };     
     }
     function login() {
     if (document.all == null) // FF, Opera, etc
        {      
           alert('login in ff,opera...')
           if (window.crypto) window.crypto.logout();
            else alert('no window.crypto')
        }      
      else // MSIE 6+
        {      
           alert('login in msie') 
           document.execCommand('ClearAuthenticationCache');
        };     
     }
 ]]>
 </script>

Social Web Architect
http://bblfish.net/

Received on Wednesday, 27 July 2011 16:15:52 UTC