W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2006

Re: Caching authentication state

From: Roy T. Fielding <fielding@gbiv.com>
Date: Sat, 11 Mar 2006 11:28:38 -0800
Message-Id: <509429ED-E4EC-42E0-B5C5-A36E71F1F621@gbiv.com>
Cc: ietf-http-wg@w3.org
To: Mark Nottingham <mnot@yahoo-inc.com>

On Mar 10, 2006, at 3:08 PM, Mark Nottingham wrote:
> a) Is the intent of the first SHOULD to allow credential caching  
> (e.g., similar to [1]) in intermediaries?

No, the intent is to allow credential caching in user agents (the only
creatures to whom Authorization applies).

The rest of the section you quoted is irrelevant overspecification of
the simple fact that responses to a request containing Authorization
are not shared-cacheable unless explicitly made so by the origin server
header fields (that are more than adequately defined elsewhere, making
those additions here confusing).

....Roy
Received on Saturday, 11 March 2006 19:39:14 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:49:42 GMT