[whatwg] Solving the login/logout problem in HTML
ian at hixie.ch
Tue Nov 25 14:35:52 PST 2008
On Tue, 25 Nov 2008, Julian Reschke wrote:
> I was hoping that the authentication scheme you're defining can be used
> without parsing the HTML response.
> A simple way to achieve it would be to restrict it to username/password
> pairs, and to have the names of these form parameters live in the
> response headers as well.
We would have to, at a minimum, include the name of the username field,
the name of the password field, and the URL of the form to POST to. I am
very wary of duplicating information that is already available as it tends
to become out of date and thus ends up being even more of a pain than if
the information isn't there in the first place.
> > > OK, so how do you tell a mount command that your credentials are
> > > more complex than username/password?
> > How do you tell a mount command that your credentials are a
> > certificate?
> If your credentials are a cert, why would you use form-base logon? (I
> admit I'm not an expert on these issue, so please by patient with me).
My point was not that a form might use cert authentication, but that
whatever mechanism is available today for logging in with authentication
schemes other than username/password would be the same ones one would
continue to use to login to systems with authentication schemes other than
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg