HTTP authentication should have a "Log Out" button, so that credentials are no longer automatically sent to URIs in the protection space. This should be a button of some kind.
You can do this with Clear Private Data, but that's not exactly easy to get to.
A browser widget, or an in-markup widget? Both?
OK, the preliminary plan is to do an XBL thing, and see how that goes. It should get the backend in shape.
Dolske, do you have context for what this bug wants to do and if it's still relevant, and/or should we just close as incomplete/wontfix at this point?
I assume this bug is asking for a site-specific logout mechanism. You can clear the browser's entire HTTP auth cache for a session (comment 1), but can't selectively log out from a web site. Given that browsers have basically worked this way forever, I don't think this is likely to be prioritized any time soon.