[whatwg] Web form and HTTP authentication
Mark Nottingham
mnot at mnot.net
Thu Aug 26 22:54:40 PDT 2004
Mike Dierken pointed this out as well:
http://www.w3.org/TR/NOTE-authentform
(I haven't looked at it in depth yet, but it appears to be a concrete
proposal along these lines)
On Aug 25, 2004, at 11:12 PM, Mark Nottingham wrote:
> Hi,
>
> I was wondering if there's been any discussion of adding HTTP
> authentication capabilities to Web forms or other products of the WG
> (If there has, apologies in advance; I think the work happening here
> is important, but I don't have the time to track it closely).
>
> For example, I could imagine having form controls or widgets to:
> - remove a site's authentication state from the browser when
> activated (i.e., a "log out" interface)
> - add user data to a site's authentication state in the browser
> (i.e., "log on" interfaces)
> - display the user's current authentication state
>
> There are a few good reasons to do this. Many sites use cookies to
> authenticate users, because HTTP authentication doesn't have any
> mechanism to allow logging out (a key requirement of financial
> institutions and other sensitive applications), and because the UI for
> HTTP authentication can't be controlled, and doesn't offer an
> "anyonymous" / "not logged in" view.
>
> By accommodating HTTP authentication in Web forms, it will be possible
> to have styled, custom "log on" interfaces as part of pages, as well
> as "log out" facilities, while still retaining the benefits of HTTP
> authentication.
>
> Specifically, HTTP authentication is more secure than cookies (when
> Digest auth is used), and is more amenable to automated processes
> (agents, spiders, etc.) as well as alternate browsing devices (screen
> readers, etc.).
>
> What do people think? I understand that Web forms 2.0 is probably too
> advanced for this, but I'd love to see something happen in this area
> eventually. Also, the security aspects would need to be handled
> carefully, but I think that if it's done properly, it could be a huge
> benefit to the Web as well as Web forms.
>
> Cheers,
>
> --
> Mark Nottingham http://www.mnot.net/
>
--
Mark Nottingham http://www.mnot.net/
More information about the whatwg
mailing list