On Mon, May 22, 2006 at 02:45:45PM -0400, Robert Sayre wrote: > On 5/22/06, Nicolas Williams <[EMAIL PROTECTED]> wrote: > > > >As Sam says: the browser must change. > > Sure, and I suspect almost all browser vendors are willing to do that, > but I think better security is an insufficient motivator for web > authors. The requirement for mutual authentication was interesting to > me. Groups extending Web formats and APIs[1] often encounter > situations where a slightly elevated trust level for certain scripts > would be useful. > > Offering a carrot in the form of an extended JavaScript API for > authenticated scripts would probably accelerate deployment of these > new efforts.
Call it an "extended JavaScript API" or something else, it doesn't matter what it is called, as long as it is: a) a browser function b) that can be invoked from an HTML UI element c) and which ties into the actual protocol and authentication mechanism(s) used on the wire Again, you can call the HTML UI element a form, or something else. It is a carrot. Those who don't want to use it won't have to. But why not use it if it's available? That this all has to live in the browser should be no obstacle. That web site authors have to detect its presence in their client browsers and choose to use it should be no obstacle either. Nico -- _______________________________________________ dix mailing list [email protected] https://www1.ietf.org/mailman/listinfo/dix
