W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2012

Re: WGLC #357: Authentication Exchanges

From: Mark Nottingham <mnot@mnot.net>
Date: Wed, 20 Jun 2012 21:00:11 +1000
Cc: Julian Reschke <julian.reschke@gmx.de>, Amos Jeffries <squid3@treenet.co.nz>, ietf-http-wg@w3.org
Message-Id: <4654B441-2D30-4BC1-929D-734D504BFDA1@mnot.net>
To: Yutaka OIWA <y.oiwa@aist.go.jp>

On 20/06/2012, at 8:48 PM, Yutaka OIWA wrote:

> My current feeling after this thread of discussions is to honor both 401 and 403
> as desired responses with authz-failure, possibly with preference for 403 for
> future implementations (if we want).

That's effectively where we are; note that there aren't any RFC2119 conformance requirements placed around this.

Cheers,

--
Mark Nottingham   http://www.mnot.net/
Received on Wednesday, 20 June 2012 11:00:49 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 20 June 2012 11:00:55 GMT