On Fri, 10 Jun 2011, Cameron Heavon-Jones wrote:
i'd like to reference a proposal i put forward in relation to expanding
the functionality of forms which displays how http authentication could
be implemented declaratively by html authors:
On 14/06/2011, at 10:40 AM, Dave Kok wrote:
What do you mean by it's a protocol thing? The idea is to provide a UI to
enable a human to interact with the protocol, this must be present in some
way, either by the UA as at present, or through forms as suggested.
Personally I prefer the
Op vrijdag 10 juni 2011 19:36:15 schreef u:
On 10/06/2011, at 4:23 PM, Dave Kok wrote:
Ultimately a user-agent must use whatever
method required by the server not the method defined by the author. A
user- agent can transparently find out which method to use with a HEAD
request. Or if
On 10/06/2011, at 2:12 PM, Dave Kok wrote:
I very much like the header type as a generic feature but would suggest not
using it for HTTP authorization. As for user-agents to support it through
forms have to use special processing anyways. So I would suggest simply
declaring it on the form
On 3/11/11, Dave Kok upda...@davekok.net wrote:
This may very well be a natural consequence of having a proposal like
this implemented. But this would assume that implementers feel that
having a logout button embedded into documents is considered superior
then having a UA provided logout
Op vrijdag 10 juni 2011 16:07:01 schreef u:
On 10/06/2011, at 2:12 PM, Dave Kok wrote:
I very much like the header type as a generic feature but would suggest
not using it for HTTP authorization. As for user-agents to support it
through forms have to use special processing anyways. So I
On 10/06/2011, at 4:23 PM, Dave Kok wrote:
Op vrijdag 10 juni 2011 16:07:01 schreef u:
On 10/06/2011, at 2:12 PM, Dave Kok wrote:
I very much like the header type as a generic feature but would suggest
not using it for HTTP authorization. As for user-agents to support it
through forms have
On 10/06/2011, at 4:23 PM, Dave Kok wrote:
Ultimately a user-agent must use whatever
method required by the server not the method defined by the author. A
user- agent can transparently find out which method to use with a HEAD
request. Or if transport layer security is used simply guess one
On Tue, 1 Mar 2011, Boris Zbarsky wrote:
On 3/1/11 5:29 PM, Ian Hickson wrote:
I am still faced with the fact that there is no way to clear the
HTTP authentication credentials cache.
To some extent that's up to the browser. It logs you in, it can offer
the ability to log you
Op 10-03-11 20:02:26 schreef Bjartur Thorlacius:
On 3/3/11, Dave Kok upda...@davekok.net wrote:
Here is a more formal proposal for Session Management. Hoping to get
more traction.
Your former proposal was very well formed. The only thing I don't see
is a good use case making this proposal
On 3/3/11, Dave Kok upda...@davekok.net wrote:
Here is a more formal proposal for Session Management. Hoping to get
more traction.
Your former proposal was very well formed. The only thing I don't see is a
good use case making this proposal worthy of endorsement and
implementation.
SCOPE
02-03-11 18:42:41 schreef Bjartur Thorlacius:
On 3/2/11, Dave Kok upda...@davekok.net wrote:
Op 02-03-11 13:16:11 schreef Bjartur Thorlacius:
On 3/2/11, Dave Kok upda...@davekok.net wrote:
Op 01-03-11 23:29:26 schreef Ian Hickson:
On Thu, 25 Nov 2010, Dave Kok wrote:
I am still faced with the
Op 02-03-11 22:11:48 schreef Roger Hågensen:
Method #3:
The server (or serverside script, like PHP or similar) sends the
following to the browser:
header('HTTP/1.0 401 Unauthorized');
header('WWW-Authenticate: Close realm=My Realm');
*PS! the auth stuff is much longer here
On 2011-03-03 10:44, Dave Kok wrote:
Op 02-03-11 22:11:48 schreef Roger Hågensen:
Method #3:
The server (or serverside script, like PHP or similar) sends the
following to the browser:
header('HTTP/1.0 401 Unauthorized');
header('WWW-Authenticate: Close realm=My Realm');
*PS! the
Op 03-03-11 12:17:22 schreef Roger Hågensen:
On 2011-03-03 10:44, Dave Kok wrote:
Op 02-03-11 22:11:48 schreef Roger Hågensen:
Method #3:
The server (or serverside script, like PHP or similar) sends the
following to the browser:
header('HTTP/1.0 401 Unauthorized');
Here is a more formal proposal for Session Management. Hoping to get
more traction.
SCOPE
The proposal is restricted solely the HTML5 spec. Though in the
rational HTTP and authentication are mentioned as by example.
INTERFACE
This proposal requests for an new interface to be added to HTML5
Op 01-03-11 23:29:26 schreef Ian Hickson:
On Thu, 25 Nov 2010, Dave Kok wrote:
I am still faced with the fact that there is no way to clear the
HTTP
authentication credentials cache.
To some extent that's up to the browser. It logs you in, it can offer
the ability to log you out.
You can
On 3/2/11, Dave Kok upda...@davekok.net wrote:
Op 01-03-11 23:29:26 schreef Ian Hickson:
On Thu, 25 Nov 2010, Dave Kok wrote:
I am still faced with the fact that there is no way to clear the
HTTP
authentication credentials cache.
To some extent that's up to the browser. It logs you in, it
Op 02-03-11 13:16:11 schreef Bjartur Thorlacius:
On 3/2/11, Dave Kok upda...@davekok.net wrote:
Op 01-03-11 23:29:26 schreef Ian Hickson:
On Thu, 25 Nov 2010, Dave Kok wrote:
I am still faced with the fact that there is no way to clear the
HTTP authentication credentials cache.
To some extent
On 3/2/11, Dave Kok upda...@davekok.net wrote:
Op 02-03-11 13:16:11 schreef Bjartur Thorlacius:
On 3/2/11, Dave Kok upda...@davekok.net wrote:
Op 01-03-11 23:29:26 schreef Ian Hickson:
On Thu, 25 Nov 2010, Dave Kok wrote:
I am still faced with the fact that there is no way to clear the
HTTP
On 2011-03-02 18:42, Bjartur Thorlacius wrote:
Just see what happens when users login to a site, then navigate to
another and authenticate to the latter, and then logout from the
latter. In that case, they're still authenticated to the former site.
In theory, this shouldn't be a problem, as
On 3/1/11 5:29 PM, Ian Hickson wrote:
I am still faced with the fact that there is no way to clear the HTTP
authentication credentials cache.
To some extent that's up to the browser. It logs you in, it can offer the
ability to log you out.
For what it's worth, Firefox even has UI for
Hi Subscribers,
I am not sure if I am at the right mailing list for this. But I was
wondering if it would be beneficial to have some kind of session
control feature in the Web Applications spec.
Currently the spec defines sessionStorage which I think is a great. It
allows me to stop using
23 matches
Mail list logo