Olivier, I'm still a little perplexed, see below.
> >> * session expiration, because the GWT RPC will fail soon (401). > >> * forbiden because the GWT RPC will fail soon (403). > > When session is expired, the RPC will fail soon with a 401 (Auth > required status), before GWT 1.5 it was not (easily ) possible to > detect such failure. But session expiration is not an issue for HTTP > basic.>> * activation of widget when authority is granted. Originally, I thought your points were against HTTP auth, but now it looks like they were for it? > > About widget activation && authorization, I my proposal the widget are > aware of the authentication events so they can activate/desactivate > when login/logout occurs. This doesn't come up for me. I secure my site in such a way that you don't get any widgets until you're authenticated and authorized. I thought you were referring to a more fine grained authorization scheme where certain widgets appear only for certain users. That sort of entitlement management goes beyond authorization, and the point I was making was that it seems somewhat orthogonal to what protocol you use for auth. Walden --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~----------~----~----~----~------~----~------~--~---
