W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2012

Re: WGLC #349: "strength"

From: Mark Nottingham <mnot@mnot.net>
Date: Fri, 1 Jun 2012 10:50:17 +1000
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <81FE5FE4-6B20-487C-AE06-A165A46CFB8F@mnot.net>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>

On 31/05/2012, at 11:59 PM, Stephen Farrell wrote:
>> """
>> Both the Authorization field value and the Proxy-Authorization field value contain the client's credentials for the realm of the resource being requested, based upon a challenge received from the server (possibly at some point in the past). When creating their values, the user agent ought to do so by selecting the challenge with what it considers to be the most secure auth-scheme that it understands, obtaining credentials from the user as appropriate.
>> """
> Could be a can of worms so feel free to ignore me

I suspect it's a bit of one. 

> but is
> the term credentials there correct? Perhaps authenticator
> would be better? If we do manage to get better schemes
> defined then someday not all of these would allow derivation
> of an underlying password credential.

How about a nice generic "details", as in "obtaining details from the user as appropriate."?

Mark Nottingham   http://www.mnot.net/
Received on Friday, 1 June 2012 00:50:46 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:02 UTC