Ian Hickson wrote:
On Wed, 26 Nov 2008, Julian Reschke wrote:
If the form is more complex than two fields (identity/secret), then I
don't see how authentication is going to work except by displaying the
form -- just extracting the field names certainly wouldn't be
sufficient, even if they would be reasonable self-describing.
So, in the current form, this proposal only helps in marking the
server's response as *being* a login form, but not really in making it
more usable for a non-HTML client...
Do you have a concrete example where the login form is complex in a manner
where the fields can't be identified and there is reason to believe that a
bot will want to authenticate but won't have been given enough information
to do so?
Well, it was you stating that the form could be arbitrarily complex.
If it's just two text fields, one of which of type password, then no, it
wouldn't be hard.
BR, Julian
