RE: Add timeouts for security to HTML

> From:	Sameer Ajmani []
> I suggest an HTML tag that specifies when an object should "timeout":
> the browser can "gray out" the classified object when the specified
	"gray out" has no meaning in a structural markup 
	context.  How do you grey out a text only or voice
	synthesized display?  Even in GUI browsers, greyed
	out material is normally perfectly readable.

	What does "object" mean in this context?

> amount of time has passed since the page was loaded from the server.
> Alternately, the server could specify and expiration date for the
> object.  The browser should also gray out classified objects on pages in
> cache.
	To the extent that an object equates to a page, this
	is already catered for within HTTP, which is the
	right place to handle page (or object element) level

	I'd suggest that URL level is the only realistic level
	at which to apply such controls and therefore it is a
	question of how the browser handles existing cache
	control meta data from the HTTP protocol.  In particular,
	HTML level controls cannot do anything about PDF, flash,
	etc. content.

	In any case, this is not real security as one can easily
	substitute a browser that doesn't enforce the policy.

Received on Thursday, 20 April 2000 07:32:32 UTC