
Re: [apps-discuss] I-D Action: draft-nottingham-http-new-status-02.txt

From: Yutaka OIWA <y.oiwa@aist.go.jp>
Date: Mon, 14 Nov 2011 17:19:36 +0900
Message-ID: <CAL8DUN8EwiAxt+vdDv5LT3hC1pBDQhCJgg2mwWWy_y1dn9oRQg@mail.gmail.com>
To: TianLinyi <tianlinyi@huawei.com>
Cc: Apps Discuss <apps-discuss@ietf.org>, httpbis Group <ietf-http-wg@w3.org>

401 is a specific status code for kicking in *HTTP* authentication.
It requires servers to supply an appropriate WWW-Authenticate header.
It does not seem to be a "general status code" in your sense.

The proposed 511 is a status code in the general 5XX category,
indicating that there is no way at the HTTP level to successfully
complete the request at this moment, due to some server-side reason.
The 511 status carries a "hint", in addition to the usual 5XX statuses,
to clients that the provided response is not supplied directly
from the requested peer, and that some man-in-the-middle has
refused to forward a request without some further user
interaction (usually an application-level authentication or payment).
Such interactions are performed in some higher protocol layer than HTTP.

2011/11/14 TianLinyi <tianlinyi@huawei.com>:
> Hi, Mark
>
> I am wondering about the relationship between "511 Network Authentication Required" and "401 Unauthorized". 401 is a general status code for requiring user authentication. However, "requiring network access" may be part of the semantics of user authentication. How to clearly distinguish them?
>
> In the description it mentioned the following sentence:
> The response representation SHOULD indicate how to do this; e.g.,
>   with an HTML form for submitting credentials.
> However, is it clear how to do this? Will it be left to the implementation (e.g. the parameters included in the HTML form)?
>
> Cheers,
> Linyi
>
> On 13/11/2011, at 8:33 PM, Randall Gellens wrote:
>
>> In today's APPAREA/APPSWG session, Mark briefly talked about this
>> draft, and when mentioning the 511 code, said that his intent was not
>> to encourage captive portal interception as a technique for network
>> access authorization or authentication, but rather to reduce the harm
>> that such mechanisms cause.
>>
>> I agree with all these goals, but in looking at
>> draft-nottingham-http-new-status-03.txt, I wonder if it would be
>> helpful to add some text in section 6 that mentions some of the ill
>> effects of the method, and mentions or points to a few better
>> alternative mechanisms for authorizing network access.
>
>
>>
>> --
>> Randall Gellens
>> Opinions are personal;    facts are suspect;    I speak for myself only
>> -------------- Randomly selected tag: ---------------
>> Hofstadter's Law:
>>   It always takes longer than you expect, even when you take
>>   Hofstadter's Law into account.
>
> --
> Mark Nottingham
> http://www.mnot.net/
>
>
>
>
> _______________________________________________
> apps-discuss mailing list
> apps-discuss@ietf.org
> https://www.ietf.org/mailman/listinfo/apps-discuss
>



-- 
--
Yutaka OIWA, Ph.D.                                       Research Scientist
                           Research Center for Information Security (RCIS)
   National Institute of Advanced Industrial Science and Technology (AIST)
                     Mail addresses: <y.oiwa@aist.go.jp>, <yutaka@oiwa.jp>
OpenPGP: id[440546B5] fp[7C9F 723A 7559 3246 229D  3139 8677 9BD2 4405 46B5]
Received on Monday, 14 November 2011 08:20:15 GMT
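
The distinction drawn in the message above, from a client's point of view, as an added example that is not part of the original thread: a 401 is an HTTP-level challenge and is only usable with a WWW-Authenticate header, while a 511 marks a response that did not come from the requested peer and must not be processed as that peer's answer. The function names, the result labels and the sample responses are assumptions constructed for illustration.

```python
import re
from email.parser import BytesParser

# Quoted strings are blanked first so commas inside a realm do not split challenges.
QUOTED = re.compile(r'"(?:[^"\\]|\\.)*"')
# A scheme is a token at the start or after a comma that is not an auth-param name (no "=").
SCHEME = re.compile(r"(?:^|,)\s*([!#$%&'*+.^_`|~\w-]+)(?=\s+[^=\s,]|\s*(?:,|$))")

def parse_head(raw: bytes):
    """Split a raw HTTP/1.1 response into (status code, header map)."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    status_line, _, header_block = head.partition(b"\r\n")
    status = int(status_line.split(b" ", 2)[1])
    headers = BytesParser().parsebytes(header_block + b"\r\n\r\n", headersonly=True)
    return status, headers

def auth_schemes(headers):
    """Authentication schemes offered across all WWW-Authenticate header fields."""
    schemes = []
    for value in headers.get_all("WWW-Authenticate", []):
        schemes += SCHEME.findall(QUOTED.sub('""', value))
    return schemes

def classify(raw: bytes):
    """Return (label, schemes) telling the caller which layer must act next."""
    status, headers = parse_head(raw)
    if status == 401:
        schemes = auth_schemes(headers)
        # A 401 with no challenge gives HTTP authentication nothing to act on.
        return ("http-auth", schemes) if schemes else ("invalid-401", [])
    if status == 511:
        # Not from the requested peer: do not parse the body as the origin's
        # data, do not retry with HTTP credentials; hand off to the user.
        return ("network-intercept", [])
    if 500 <= status <= 599:
        return ("server-error", [])
    return ("pass", [])

# Constructed sample responses (not captured traffic).
ORIGIN_401 = (b'HTTP/1.1 401 Unauthorized\r\n'
              b'WWW-Authenticate: Basic realm="a, b", Digest realm="x", nonce="n1"\r\n\r\n')
PORTAL_511 = (b'HTTP/1.1 511 Network Authentication Required\r\n'
              b'Content-Type: text/html\r\n\r\n<html>login form</html>')
BARE_401 = b'HTTP/1.1 401 Unauthorized\r\nContent-Length: 0\r\n\r\n'

if __name__ == "__main__":
    for sample in (ORIGIN_401, PORTAL_511, BARE_401):
        print(classify(sample))
```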

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:50 GMT