W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2011

Re: #320: add advice on defining auth scheme parameters

From: Willy Tarreau <w@1wt.eu>
Date: Sat, 29 Oct 2011 14:23:18 +0200
To: Mark Nottingham <mnot@mnot.net>
Cc: Julian Reschke <julian.reschke@gmx.de>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <20111029122318.GA32320@1wt.eu>
Hi Mark, Julian,

On Sat, Oct 29, 2011 at 10:23:06PM +1100, Mark Nottingham wrote:
> I'm +1 on this. Normally we shouldn't have to go to this level of detail, but the syntax here is very brittle, so it's worth doing.
> 
> Any objections?

[disclaimer: I've not read the initial issue]

In the following header from Julian's example :

     WWW-Authenticate: Newauth realm="apps", type=1,
                       title="Login to \"apps\"", Basic realm="simple"

I'm seeing 4 independant comma-delimited values, which could also be
expressed and individually processed like this with the same meaning :

     WWW-Authenticate: Newauth realm="apps"
     WWW-Authenticate: type=1
     WWW-Authenticate: title="Login to \"apps\""
     WWW-Authenticate: Basic realm="simple"

I'm not sure this is precisely what's desired since Julian suggested
there were two challenges in this example (Newauth and Basic). Thus I
would have written them that way with semi-colons to split the attributes :

     WWW-Authenticate: Newauth realm="apps"; type=1;
                       title="Login to \"apps\"", Basic realm="simple"

which would then be equivalent to :

     WWW-Authenticate: Newauth realm="apps"; type=1; title="Login to \"apps\""
     WWW-Authenticate: Basic realm="simple"

It would be nice to clarify this point since it can be confusing.

Regards,
Willy
Received on Saturday, 29 October 2011 12:23:47 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:49 GMT