W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2009

Re: Multiple challenges in a single WWW-Authenticate header field

From: Dan Winship <dan.winship@gmail.com>
Date: Fri, 04 Dec 2009 09:26:40 -0500
Message-ID: <4B191C20.3010309@gmail.com>
To: Eran Hammer-Lahav <eran@hueniverse.com>
CC: Thomas Broyer <t.broyer@gmail.com>, "HTTP Working Group (ietf-http-wg@w3.org)" <ietf-http-wg@w3.org>
On 12/04/2009 03:01 AM, Eran Hammer-Lahav wrote:
> I wasn't questioning the need to provide multiple challenges in a
> single response. I was only questioning the wisdom in allowing
> multiple challenges in a single header field, given the odd
> combination of separators it creates. It would be nice to try and
> deprecate this practice, while still requiring clients to deal
> with it for backwards compatibility.

This possibility was discussed before and basically rejected; see the
thread starting at
http://lists.w3.org/Archives/Public/ietf-http-wg/2008JulSep/0300.html.

If you think OAuth is likely to be used in combination with other
WWW-Authenticate methods, you should start filing bugs against browsers
now :-}

-- Dan
Received on Friday, 4 December 2009 14:26:58 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:13 GMT