- From: Eran Hammer-Lahav <eran@hueniverse.com>
- Date: Fri, 4 Dec 2009 09:34:39 -0700
- To: Dan Winship <dan.winship@gmail.com>
- CC: Thomas Broyer <t.broyer@gmail.com>, "HTTP Working Group (ietf-http-wg@w3.org)" <ietf-http-wg@w3.org>
Thanks for the reference. I guess adding a auth scheme specific restriction won't work either. EHL > -----Original Message----- > From: Dan Winship [mailto:dan.winship@gmail.com] > Sent: Friday, December 04, 2009 6:27 AM > To: Eran Hammer-Lahav > Cc: Thomas Broyer; HTTP Working Group (ietf-http-wg@w3.org) > Subject: Re: Multiple challenges in a single WWW-Authenticate header field > > On 12/04/2009 03:01 AM, Eran Hammer-Lahav wrote: > > I wasn't questioning the need to provide multiple challenges in a > > single response. I was only questioning the wisdom in allowing > > multiple challenges in a single header field, given the odd > > combination of separators it creates. It would be nice to try and > > deprecate this practice, while still requiring clients to deal with it > > for backwards compatibility. > > This possibility was discussed before and basically rejected; see the thread > starting at http://lists.w3.org/Archives/Public/ietf-http- > wg/2008JulSep/0300.html. > > If you think OAuth is likely to be used in combination with other WWW- > Authenticate methods, you should start filing bugs against browsers now :-} > > -- Dan
Received on Friday, 4 December 2009 16:34:59 UTC