Tuesday, December 2nd, 2008
A common use for forms is user authentication. To indicate that
an HTTP URL requires authentication through such a form
before use, the HTTP 401 response code with a
HTML” may be used.
For this authentication scheme, the framework defined in RFC2617
is used as follows. [RFC2617]
The form parameter, if
present, indicates that the first
formelement in the
entity body whose name is the
specified string, in tree order, if any, is the login
form. If the parameter is omitted, then the first
element in the entity body, in tree order, if any, is
the login form.
There is no
credentialsproduction for this
scheme because the login information is to be sent as a normal form
submission and not using the
Mark then goes on to say:
This idea has been kicked around for more than a decade. Microsoft wrote User Agent Authentication Forms in 1999. Mark Nottingham asked the WHATWG to investigate the idea in 2004. Better late than never, Ian Hickson summarizes the feedback to date. No doubt this new proposal will generate further discussion. No browsers currently support this proposal.
The idea makes total sense to me. The old HTTP BASIC style of authentication is a dying bread due to the annoying popup style and implementation. It needs a shake up, don’t you think?
Posted by Dion Almaer at 6:54 am