W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2009

RE: Backwards definition of authentication header

From: Thomas Maslen <Thomas.Maslen@quest.com>
Date: Fri, 4 Dec 2009 09:04:13 -0800
To: Eran Hammer-Lahav <eran@hueniverse.com>, Julian Reschke <julian.reschke@gmx.de>
CC: "HTTP Working Group (ietf-http-wg@w3.org)" <ietf-http-wg@w3.org>
Message-ID: <723530449330F342A68634ADF3CE8DE20398842EFF@alvxmbw02.prod.quest.corp>
[...]
>> Is there anything *except* for the broken ABNF with respect to Basic that
>> makes you think the definition isn't binding?
>
> No. But since Basic is 50% of 2617, it is a pretty big exception... :-)

For what it's worth, the "Negotiate" and :"NTLM" auth schemes are like Basic inasmuch as they just have the scheme name followed by a Base64 blob.

(Perhaps schemes such as Digest that actually satisfy the ABNF are in the minority?)
Received on Friday, 4 December 2009 17:04:55 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:14 GMT