W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2009

RE: [OAUTH-WG] OAuth and HTTP caching

From: Eran Hammer-Lahav <eran@hueniverse.com>
Date: Tue, 22 Sep 2009 10:24:30 -0700
To: "Roy T. Fielding" <fielding@gbiv.com>, John Panzer <jpanzer@google.com>
CC: "oauth@ietf.org" <oauth@ietf.org>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Message-ID: <90C41DD21FB7C64BB94121FBBC2E72343784D58619@P3PW5EX1MB01.EX1.SECURESERVER.NET>
> -----Original Message-----
> From: Roy T. Fielding [mailto:fielding@gbiv.com]
> Sent: Tuesday, September 22, 2009 10:09 AM

> Just follow the HTTP spec.

That what I am trying to figure out...

Does the HTTP spec mandates that new authentication protocols use the WWW-Authenticate and Authorization headers? Are the headers required for existing caches and servers to operate properly? If they are not included in authenticated requests, are there other requirements to make sure it doesn't break existing deployment?

Thanks,

HEL
Received on Tuesday, 22 September 2009 17:25:25 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:10 GMT