[whatwg] Solving the login/logout problem in HTML

Julian Reschke julian.reschke at gmx.de
Tue Nov 25 13:52:29 PST 2008

Ian Hickson wrote:
>> People are trained to configure credentials as value pairs (name, 
>> password). Anything more complex than that will be tricky to deploy in 
>> generic frameworks.
> Nothing requires servers to do anything but username/password.


> I don't really understand what you are asking here. Presumably in a system 
> where only username/password credentials are desired, only username/ 
> password credentials will be used.

I was hoping that the authentication scheme you're defining can be used 
without parsing the HTML response.

A simple way to achieve it would be to restrict it to username/password 
pairs, and to have the names of these form parameters live in the 
response headers as well.

>> OK, so how do you tell a mount command that your credentials are more 
>> complex than username/password?
> How do you tell a mount command that your credentials are a certificate?

If your credentials are a cert, why would you use form-base logon? (I 
admit I'm not an expert on these issue, so please by patient with me).

> ...

BR, Julian

More information about the whatwg mailing list