[whatwg] Solving the login/logout problem in HTML

[Ian Hickson]

On Tue, 25 Nov 2008, Julian Reschke wrote:
> 
> I was hoping that the authentication scheme you're defining can be used 
> without parsing the HTML response.
> 
> A simple way to achieve it would be to restrict it to username/password 
> pairs, and to have the names of these form parameters live in the 
> response headers as well.

We would have to, at a minimum, include the name of the username field, 
the name of the password field, and the URL of the form to POST to. I am 
very wary of duplicating information that is already available as it tends 
to become out of date and thus ends up being even more of a pain than if 
the information isn't there in the first place.


> > > OK, so how do you tell a mount command that your credentials are 
> > > more complex than username/password?
> > 
> > How do you tell a mount command that your credentials are a 
> > certificate?
> 
> If your credentials are a cert, why would you use form-base logon? (I 
> admit I'm not an expert on these issue, so please by patient with me).

My point was not that a form might use cert authentication, but that 
whatever mechanism is available today for logging in with authentication 
schemes other than username/password would be the same ones one would 
continue to use to login to systems with authentication schemes other than 
username/password.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'