W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1996

v11-03 COMMENT: 14 Access Authentication

From: David W. Morris <dwm@shell.portal.com>
Date: Tue, 28 May 1996 08:16:44 -0700 (PDT)
To: http working group <http-wg@cuckoo.hpl.hp.com>
Message-Id: <Pine.SUN.3.90.960528080204.1601B-100000@jobe.shell.portal.com>
There seems to be a conflict between:

  Proxies MUST be completely transparent regarding user agent
  authentication. That is, they MUST forward the WWW-Authenticate and
  Authorization headers untouched, and MUST NOT cache the response to a
  request containing Authorization.

(approximately 71 lines from the heading in draft -03) and section 
"18.9 Authorization":

  When a shared cache (see section 16.6) receives a request containing an
  Authorization field, it MUST NOT return the corresponding response as a
  reply to any other request, unless one of the following specific
  exceptions holds: [...]

To resolve the conflict, I would propose the paragraph in section 14 be
changed to read:

  Proxies MUST be completely transparent regarding user agent
  authentication. That is, they MUST forward the WWW-Authenticate and
  Authorization headers untouched, and MUST NOT use a cached response
  to a request containing Authorization to satisfy a new request except
  as specified in section 18.9.

Dave Morris
Received on Tuesday, 28 May 1996 08:16:44 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:00 EDT