dotgnu-auth

[Auth]simplest logon design proposal


From: R. Saravanan
Subject: [Auth]simplest logon design proposal
Date: Wed, 25 Jul 2001 11:52:23 -0700 (PDT)

Here are some comments on the simple logon proposal,
which appears to be a good starting point.

1. Rather than introducing a new MIME type, one could
consider introducing a new protocol or URI
scheme. For example, the following URI could be used
instead of the dotGNU xml file mentioned in the
proposal
         
x-dotgnu://localhost/login?url=https://www.hightechinfo.com&account=name&password=secret

The advantage of using an URI scheme is that websites
do not need to define a new MIME type. The
disadvantage is that everything the website wants has
to be encoded into the URI, which cannot be too long.
(By using localhost, we assume the password is stored
in a local database. One could generalize the URI to
allow password storage on remote hosts.)

As far as integration with the browser is concerned,
defining a new URI scheme is not very different from
defining a new MIME type. I know this to be true for
IE and Mozilla. Of course, the user would need to
download and install a "plugin" of some sort for
integration in either case.

2. Instead of using the EMBED tag, one could use the
SCRIPT and NOSCRIPT tags to activate the logon. If the
browser doesn't support scripting, or the user has
turned it off, the NOSCRIPT content could contain the
default logon page. The SCRIPT portion could check if
the dotGNU integration software has been installed,
and then try to authenticate automatically, either by
loading the URL requesting the x-dotgnu file or by
using the x-dotgnu: protocol.

3. In addition to supporting plain text password
authentication (similar to the HTTP Basic
Authentication), the logon scheme should also support
the newer Digest-MD5 authentication, which uses a
challenge-response protocol without having to transmit
the plaintext password. The challenge information may
need to be part of the x-dotgnu file, which means that
it cannot be a static document.

I'll have more comments later ...

Saravanan
Mozilla contributor (http://protozilla.mozdev.org)
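
Point 3 above, as an added example that is not part of the original message: an RFC 2617 Digest (MD5, qop=auth) challenge and response in Python, showing why the challenge has to be generated per request and cannot sit in a static file. The ChallengeIssuer class, its account store and the realm name are hypothetical, and reading "Digest-MD5" as HTTP Digest rather than the SASL mechanism is an assumption.

```python
import hashlib
import hmac
import secrets


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(username, realm, password, method, uri, nonce, nc, cnonce):
    """RFC 2617 response for qop=auth; the password is only ever hashed."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


class ChallengeIssuer:
    """Hypothetical server side: each challenge carries a fresh single-use nonce."""

    def __init__(self, realm, accounts):
        self.realm = realm
        self.accounts = accounts      # constructed sample store: username -> password
        self.outstanding = set()      # nonces issued but not yet answered

    def new_challenge(self):
        # This is the dynamic part that a static x-dotgnu document cannot provide.
        nonce = secrets.token_hex(16)
        self.outstanding.add(nonce)
        return {"realm": self.realm, "nonce": nonce, "qop": "auth"}

    def verify(self, username, method, uri, nonce, nc, cnonce, response):
        if nonce not in self.outstanding:
            return False              # unknown or already used nonce: treat as replay
        self.outstanding.discard(nonce)
        password = self.accounts.get(username)
        if password is None:
            return False
        expected = digest_response(username, self.realm, password,
                                   method, uri, nonce, nc, cnonce)
        return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    server = ChallengeIssuer("example-realm", {"name": "secret"})  # constructed values
    ch = server.new_challenge()
    answer = digest_response("name", ch["realm"], "secret", "GET", "/login",
                             ch["nonce"], "00000001", "c1")
    print(server.verify("name", "GET", "/login", ch["nonce"], "00000001", "c1", answer))
    print(server.verify("name", "GET", "/login", ch["nonce"], "00000001", "c1", answer))
```

A captured response is useless against the next challenge because the nonce differs, which is the property a fixed challenge would lose.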




