- From: Mark Nottingham <mnot@mnot.net>
- Date: Mon, 18 Oct 2010 15:19:04 +1100
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: Robert Collins <robertc@robertcollins.net>, HTTP Working Group <ietf-http-wg@w3.org>

It's widely used enough that implementers need to be aware of it, so ignoring it isn't an option.

We should only special-case it if we're confident that no other such cases do / will exist. IMHO.

On 23/09/2010, at 2:19 AM, Julian Reschke wrote:

> On 22.09.2010 08:01, Mark Nottingham wrote:
>>
>> On 15/09/2010, at 2:59 AM, Julian Reschke wrote:
>>>
>>> So maybe we should be pragmatic and say:
>>>
>>> - the realm is defined for all authentication protocols
>>> - SHOULD be provided in the challenge
>>> - if not provided, header should be treated as if an empty realm was specified
>>
>>
>> +0.5.
>>
>> I'm not thrilled about it, but unless someone wants to argue that we shouldn't impose realms on all authentication schemes...
>> ...
>
> It would probably help if we had an agreement on whether we consider Negotiate a proper authentication scheme.
>
> Do we ignore it, do we accept it, or do we special-case it?
>
> Best regards, Julian

--
Mark Nottingham http://www.mnot.net/

Received on Monday, 18 October 2010 04:19:36 UTC