W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2012

Re: WGLC #357: Authentication Exchanges

From: Julian Reschke <julian.reschke@gmx.de>
Date: Wed, 20 Jun 2012 20:15:11 +0200
Message-ID: <4FE2132F.5090507@gmx.de>
To: 'HTTP Working Group' <ietf-http-wg@w3.org>
CC: David Morris <dwm@xpasc.com>
On 2012-06-20 20:01, David Morris wrote:
>
>
> On Wed, 20 Jun 2012, Julian Reschke wrote:
>
>> On 2012-06-20 06:11, Mark Nottingham wrote:
>>>
>
>>> How about, after those two paragraphs:
>>>
>>> """
>>> A server receiving credentials that are valid, but not adequate to gain
>>> access, ought to respond with the 403 (Forbidden) status code.
>>> """
>
> Seems to me that 'ought to' should either be 'SHOULD' or 'MAY'?

"MAY" isn't helping at all. "SHOULD" would make those who do not do this 
non-compliant. Do we want to do that? (note it would conflict with the 
"If the server does not wish to make this information available to the 
client, the status code 404 (Not Found) MAY be used instead." that we 
have in the definition of 403).

Best regards, Julian
Received on Wednesday, 20 June 2012 18:15:48 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 20 June 2012 18:15:54 GMT