please define JS-based logout for HTTP authentication

Hi there,

in the past few weeks I've been reminded about the lack for a logout() 
from HTTP authentication several times -- I believe first in webapps, 
then the IETF http-auth mailing list, then also in an internal product 
discussion.

This is a very old issue, a good summary is in the Mozilla bug: 
<https://bugzilla.mozilla.org/show_bug.cgi?id=287957>.

I hear that this might be covered by the proposed charter of the new web 
cryptography WG, 
<http://www.w3.org/2011/11/webcryptography-charter.html>, and I'd love 
to find out that it's going to happen over there. If it does not, it 
would be good to find out as soon as possible, and then maybe find 
another venue in the W3C (webapps?); unless you want the IETF to start 
on JS APIs :-)

Best regards, Julian

bcc'd lots of people who I hope are interested...

Received on Tuesday, 24 January 2012 10:30:29 UTC