- From: Micah Dubinko <MDubinko@cardiff.com>
- Date: Tue, 28 May 2002 15:16:48 -0700
- To: "'Bjoern Hoehrmann'" <derhoermi@gmx.net>, www-forms@w3.org
Hi Bjoern, This feature (along with all others in section 5) is for "future consideration", and not being addressed as part of XForms 1.0. For that particular feature, there are a number of security considerations, such as indicating the difference between an "authentic" authorization form and a "spoofed" one that tricks people into entering their password. We're already beginning to look into aspects of XForms 2.0 (or whatever version comes next). Feel free to share your thoughts. Thanks, .micah -----Original Message----- From: Bjoern Hoehrmann [mailto:derhoermi@gmx.net] Sent: Saturday, May 25, 2002 3:58 PM To: www-forms@w3.org; www-html@w3.org Subject: XForms requirement 5.8: HTTP Authentication Front-end Hi, I'd like to know what happend to requirement 5.8 of the XHTML Forms Requirements document [1]: [...] 5.8 HTTP Authentication Front-end Current user agents typically implement HTTP authentication with a pop-up window requesting name and password. It should be possible for XForms to be used as a front end for HTTP authentication. [...] There are many people who use different ways of authentication management on web sites, essentially cookies or proprietary means of "session tracking", e.g. appending some session id to all URIs after the user once has logged into the site using some HTML form. Many of them do so, because HTTP authentication as commonly implemented into browsers does not fit their design and/or usability demands. I think this is a unnecessary, sometimes harmful abuse of technology and have hoped, XHTML 2.0 could make a change considering it's XForms integration. The latest draft does not discuss this feature, so I fear XForms 1.0 and/or it's integration into XHTML 2.0 will not enable web page authors to use XForms for HTTP authentication. Is this true and if yes, why? [1] http://www.w3.org/TR/2001/WD-xhtml-forms-req-20010404 regards.
Received on Tuesday, 28 May 2002 18:17:56 UTC