Re: WGLC #357: Authentication Exchanges

On 2012-06-20 20:01, David Morris wrote:
>
>
> On Wed, 20 Jun 2012, Julian Reschke wrote:
>
>> On 2012-06-20 06:11, Mark Nottingham wrote:
>>>
>
>>> How about, after those two paragraphs:
>>>
>>> """
>>> A server receiving credentials that are valid, but not adequate to gain
>>> access, ought to respond with the 403 (Forbidden) status code.
>>> """
>
> Seems to me that 'ought to' should either be 'SHOULD' or 'MAY'?

"MAY" isn't helping at all. "SHOULD" would make those who do not do this 
non-compliant. Do we want to do that? (note it would conflict with the 
"If the server does not wish to make this information available to the 
client, the status code 404 (Not Found) MAY be used instead." that we 
have in the definition of 403).

Best regards, Julian

Received on Wednesday, 20 June 2012 18:15:48 UTC