- From: Harry Halpin <hhalpin@ibiblio.org>
- Date: Tue, 24 Jan 2012 12:52:36 +0100
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: W3C Public Archive <www-archive@w3.org>, Thomas Roessler <tlr@w3.org>
On Tue, Jan 24, 2012 at 11:29 AM, Julian Reschke <julian.reschke@gmx.de> wrote:
> Hi there,
>
> in the past few weeks I've been reminded about the lack for a logout() from
> HTTP authentication several times -- I believe first in webapps, then the
> IETF http-auth mailing list, then also in an internal product discussion.
>
> This is a very old issue, a good summary is in the Mozilla bug:
> <https://bugzilla.mozilla.org/show_bug.cgi?id=287957>.
>
> I hear that this might be covered by the proposed charter of the new web
> cryptography WG, <http://www.w3.org/2011/11/webcryptography-charter.html>,
> and I'd love to find out that it's going to happen over there. If it does
> not, it would be good to find out as soon as possible, and then maybe find
> another venue in the W3C (webapps?); unless you want the IETF to start on JS
> APIs :-)
Just to be clear, the upcoming Web Cryptography API is focussing on
"control of TLS session login/logout" and "lifecycle control of
credentials (such as the enrollment, selection, and revocation of
credentials." This would not include HTTP Auth logout per se, but
would include "logging out" of a TLS session. I could imagine an
upcoming W3C WG on identity (likely starting this year) to cover such
functionality in co-ordination with the IETF. Randomly throwing in
things in WebApps WG and so causing a rechartering is a probably a bad
idea.
cheers,
harry
I do not
>
> Best regards, Julian
>
> bcc'd lots of people who I hope are interested...
Received on Tuesday, 24 January 2012 11:53:06 UTC