WebID-ISSUE-58 (logout): Login/Logout behavior [User Interface/Browsers]

WebID-ISSUE-58 (logout): Login/Logout behavior [User Interface/Browsers]


Raised by: Henry Story
On product: User Interface/Browsers

The WebID protocol relies on TLS. There are a number of issues relating to logging in and logging out of TLS that could be improved, at the HTTP, TLS or browser level. We need to gather all the knowledge accumulated on this topic into one document for the final report.

Some logout issues:
  - logout using TLS exceptions is not implemented in any browser
  - a javascript api works but only for IE and Firefox
  - HTTP logout headers could be developed to move this behaviour to the HTTP layer
  - most browsers don't show the users' identity in the browser (that would allow the user to logout)

Login issues:
   for a site that is fully behind https one does not want the (human) user to come to a site and be asked for a TLS certificate before he even sees the site. A human user should be redirected to a site explaining why his identity is requested. But a robot arguably should be asked for his certificate immediately. There are a number of solutions to this, they should be described.

Received on Thursday, 15 September 2011 08:36:28 UTC