Ian Hickson wrote:
A simple way to achieve it would be to restrict it to username/password
pairs, and to have the names of these form parameters live in the
response headers as well.
We would have to, at a minimum, include the name of the username field,
the name of the password field, and the URL of the form to POST to. I am
very wary of duplicating information that is already available as it tends
to become out of date and thus ends up being even more of a pain than if
the information isn't there in the first place.
I would expect that information to be autogenerated.
Anyway, if it's out of sync, authentication is not going to work, so it
should be noticed quickly.
...
BR, Julian
