Martin Atkins wrote:
...
I may be forgetting missing some use-cases here (I don't recall what
exactly motivated this custom auth scheme) but there may still be value
in a cut-down version of this scheme:
> ...
I concede that once you generalize it in this way it becomes even less
relevant to the HTML spec than it was to begin with, though I'm not sure
where else to propose such a thing, and in practice as long as websites
are primarily HTML login forms presumably will be as well.
...
Indeed.
The specification of this scheme (which essentially is a no-op to
implement for browser vendors and which already works "almost
everywhere") could either happen in the W3C or in the IETF. I'm happy to
assist in case the latter alternative is chosen.
Best regards, Julian
PS: And, as Robert S. stated, HTML5 should specify that the response
body should be displayed when the auth scheme is unknown.
