W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1998

Multiple Proxy-Authenticate challenges?

From: Gisle Aas <gisle@aas.no>
Date: Thu, 2 Apr 1998 16:34:53 +0100 (BST)
To: http-wg@cuckoo.hpl.hp.com
Message-Id: <m3btukfhvk.fsf@furu.g.aas.no>
Is there a good reason why WWW-Authenticate can have multiple
challenges while Proxy-Authenticate can't?

draft-ietf-http-v11-spec-rev-03:

>         Proxy-Authenticate  = "Proxy-Authenticate" ":" challenge
>         WWW-Authenticate  = "WWW-Authenticate" ":" 1#challenge

I also think that the following sentence from the description of
WWW-Authenticate fits better if moved to the draft-ietf-http-authentication
document as it is the one that define "challenge".

>                                                          User agents
>  MUST take special care in parsing the WWW-Authenticate field value if it
>  contains more than one challenge, or if more than one WWW-Authenticate
>  header field is provided, since the contents of a challenge may itself
>  contain a comma-separated list of authentication parameters.


Regards,
Gisle
Received on Friday, 3 April 1998 02:04:33 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:14 EDT