canvas 2d context
Encrypted Media Extensions
HTML 5 spec
HTML 5: The Markup Language
HTML WG website
HTML5 differences from HTML4
HTML5 Spec - PR Blockers
Media Source Extensions
pre-LC1 alt techniques
pre-LC1 authoring guide
pre-LC1 HTML 5 spec
Erika Doyle Navara
Philippe Le Hégaret
Joshue O Connor
Handling HTTP status 401 responses / User Agent Authentication Forms
HTTP authentication is in little use in the public web. Most web sites use an HTML form (returned with status 200) and Cookies instead.
This causes quite some problems when the same HTTP resource is accessed both by interactive user agents (browsers) and other clients (web crawlers, download tools, non-HTML based applications using HTTP as application protocol, such as AtomPub or WebDAV). So, authentication should be decoupled from HTML forms so it can be used by non-HTML clients as well.
There are multiple reasons that led to the current situation:
1) The two authentication mechanisms defined in RFC2617 (basic and digest) aren't considered sufficient. This is a problem that whoever updates RFC2617 will have to consider (for now, likely an IETF activity).
2) Browsers do not display the text/html response body of a HTTP 401 response, instead, they just pop up a modal authentication dialog (until "cancel" is pressed).
3) Servers do not send a meaningful response body with the 401 status as browsers do not display it anyway.
HTML5 could help with issues 2) and 3) by defining a way for servers to indicate that the text/html content returned with the 401 status should be displayed to the user, allowing to use an embedded form to enter credentials, which then would be used by the browser for proper HTTP authentication.
There's an old W3C note discussing this: <http://www.w3.org/TR/1999/NOTE-authentform-19990203>.
Related discussion in the Mozilla Bugzilla: <https://bugzilla.mozilla.org/show_bug.cgi?id=271383>
Add notes (no markup allowed, URIs get automatically hyperlinked):
See also: <http://www.whatwg.org/issues/#WF3-httpauth>
before we make this a design issue, let's see if the WG agrees it's a requirement for HTML 5