[whatwg] Browser Signature Standards Proposal
mikes at opera.com
Thu Nov 2 01:55:54 PST 2006
Alexey Feldgendler <alexey at feldgendler.ru>, 2006-11-02 15:23 +0600:
> On Thu, 02 Nov 2006 14:27:33 +0600, Anders Rundgren <anders.rundgren at telia.com> wrote:
> > - A "process" that differs from authentication from the user's point of view
> This is a problem of browser UI design, not of web standards.
What do you expect might happen when N different browser vendors
each go off on their own and, working in isolation from one
another, independently design and implement their own interfaces
for handling what we've been discussing?
> As I say above, this should be solved at browser UI level. The
> browsers should make it clear to the user that presenting a
> client-side certificate to a website is effectively an act of
> disclosing and proving the user's identity, and that every piece
> of information he sends to the server (every user action) is
I'd love to hear some concrete suggestions on how you'd propose
going about making that all clear to users through the browser UI.
I just hope it's not a dialog box with text saying "Presenting a
client-side certificate to a website is effectively an act of
disclosing and proving your identity, and every piece of
information you send to the server (every action) is
non-repudiable", with a checkbox that says "Don't show me this
warning next time."
> (And, of course, presentation of any client-side
> certificates to the server should be optional, easily
> switchable, and obviously indicated.)
Again, what do you expect would happen when N different browser
vendors -- without getting together with one another to work on
any kind of specification for a mechanism for handling all that --
independently design and implement their own mechanisms?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 2245 bytes
Desc: not available
More information about the whatwg