The web is an interactive medium. Websites provide content to the user and users provide information to websites. This providing of content to the user can be in the context of a transaction such as the purchasing of some good or an authentication request. One approach to the solicitation of user input on the web is the use of Hypertext Markup Language (HTML) forms. HTML forms involve a webpage containing interface widgets which enable free-form text entry. In the case of authentication requests there are further methods known that are supported by the underlying transport protocols for HTML: Hypertext Transfer Protocol (HTTP)-based authentication and client-side certificates.
Data submitted in forms are error prone. It is not possible to send certified data through a web-form. The user can only enter free-form text. In addition, HTTP-based authentication has a further usability problem. In order to process a HTTP authentication request, the browser usually displays a popup window which cannot be dismissed until it is answered. This process takes control of the browser and prevents the browser from switching to different tabs or different sessions. When the user opens several (browsing) tabs, it is not clear which tab triggered the popup request.
Client-side certificates cannot be used for soliciting general attributes. In addition, the certificates inherently allow the website to track a user from session to session.
Thus, there is a need to provide improved solutions for performing transactions between a client and a server.