Re: 3 Proposals: session ID, business-card auth, customer auth

Terje Norderhaug (Norderhaug.CHI@xerox.com)
Thu, 20 Jul 1995 19:15:29 -0800

At 4:47 PM 7/20/95, Koen Holtman pointed out the importance of state
information as part of an HTTP request:

>Session-id allows for a reliable and relatively straightforward
>implementation of what I call a `statefull dialog' between user and
>service, that is a dialog that extends beyond the submission of one
>form. By allowing statefull dialogs, session-id will greatly increase
>the potential of the web as a two-way communications medium.

Yes! At least, it will provide for a much cleaner implementation than today,
where state information need to be coded into the URL (or using the
password mechanism) to create more advanced services such as adaptive
two-way communication.

>I want my browser to support session-id because this will allow me to
>get new interesting services. If I can't have the services without
>giving up some of my privacy, I will in fact gladly give up some of my
>privacy.

As state information currently can be (and is) coded into the URL, passing
the same information in other ways will not force you to give up any more
privacy than you already have (depending on implementation, of course).

-- Terje <Norderhaug.CHI@Xerox.com>
<URL:http://www.ifi.uio.no/~terjen/>