Re: sketch of a simple authentication protocol

From: Henrik Nordstrom <henrik@henriknordstrom.net>
Date: Sun, 06 Apr 2008 00:36:44 +0200
To: Toby A Inkster <tai@g5n.co.uk>
Cc: Story Henry <henry.story@bblfish.net>, Semantic Web <semantic-web@w3.org>, foaf-dev Friend of a <foaf-dev@lists.foaf-project.org>, HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <1207435004.11881.34.camel@HenrikLaptop>

Thu 2008-04-03 at 09:55 +0100, Toby A Inkster wrote:

> An additional detail which is missing in your diagramme is: what  
> happens if Romeo's client doesn't send an Agent-Id header (I used  
> HTTP "From" header originally, but it doesn't really matter what the  
> header is called)

In HTTP this usually results in a 401 Unauthorized, asking the requestor
to identify himself.

> or Juliette decides she doesn't trust Romeo.

That's usually a 401 (identity not trusted, please supply another) or 403
(I know you but do not want to speak to you).

In the response entity or headers you MAY provide additional
information, such as the location of the public profile, just as you MAY
on any response.

I think in this case it can be assumed the requestor already knows the
public profile, no need to redirect back there, and such redirections
only risk resulting in some implementations entering a loop.

Regards
Henrik
Received on Saturday, 5 April 2008 22:38:40 GMT