v11-03 COMMENT: 14 Access Authentication

There seems to be a conflict between:

  Proxies MUST be completely transparent regarding user agent
  authentication. That is, they MUST forward the WWW-Authenticate and
  Authorization headers untouched, and MUST NOT cache the response to a
  request containing Authorization.

(approximately 71 lines from the heading in draft -03) and section 
"18.9 Authorization":

  When a shared cache (see section 16.6) receives a request containing an
  Authorization field, it MUST NOT return the corresponding response as a
  reply to any other request, unless one of the following specific
  exceptions holds: [...]

To resolve the conflict, I would propose the paragraph in section 14 be
changed to read:

  Proxies MUST be completely transparent regarding user agent
  authentication. That is, they MUST forward the WWW-Authenticate and
  Authorization headers untouched, and MUST NOT use a cached response
  to a request containing Authorization to satisfy a new request except
  as specified in section 18.9.

Dave Morris

Received on Tuesday, 28 May 1996 08:16:44 UTC