- From: Sameer Ajmani <ajmani@chord.lcs.mit.edu>
- Date: Wed, 19 Apr 2000 16:30:38 -0400
- To: www-html@w3.org
I have a proposal for a feature to add to HTML; my apologies if it has been proposed before: Many sites have incorporated authentication mechanisms to guard clients' private data. The servers also time out client sessions to prevent (in theory) the wrong people from using a client's browser session to access private data. Unfortunately, this doesn't data on the screen or remove data from the client's cache. I suggest an HTML tag that specifies when an object should "timeout": the browser can "gray out" the classified object when the specified amount of time has passed since the page was loaded from the server. Alternately, the server could specify and expiration date for the object. The browser should also gray out classified objects on pages in cache. I'm not sure if such a scheme would be accepted as a feature or an annoyance, but it should improve security. Of course, this requires that classified data be encrypted when stored on disk (and possibly in memory as well). Unfortunately, I'm not familiar enough with XHTML to suggest a syntax, but it may be possible to use its event model to schedule timeouts. I'd appreciate any and all comments, and please let me know if this has been suggested before (I checked the archives and didn;t find much). Thanks, --Sameer Ajmani MIT Lab for Com Sci ajmani@mit.edu
Received on Wednesday, 19 April 2000 16:30:39 UTC