Re: #271: SHOULD review in p7

From: Mark Nottingham <mnot@mnot.net>
Date: Sun, 24 Jun 2012 10:18:39 +1000
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <8C409585-D560-41A7-BC36-CDC99544ECCD@mnot.net>
To: Julian Reschke <julian.reschke@gmx.de>

On 23/06/2012, at 8:44 PM, Julian Reschke wrote:

>> 2.1
>> 
>> "Requests for protected resources that omit credentials, contain invalid credentials (e.g., a bad password), or partial credentials (e.g., when the authentication scheme requires more than one round trip) SHOULD return a 401 (Unauthorized) response."
>> 
>> EDITORIAL - make the subject of the requirement more obvious, e.g., "Upon a request for a protected resource that omits credentials, contains invalid credentials (e.g., a bad password), or partial credentials (e.g., when the authentication scheme requires more than one round trip), an origin server SHOULD return a 401 (Unauthorized) response."
> 
> OK.
> 
>> "Likewise, requests that require authentication by proxies that omit credentials, or contain invalid or partial credentials should return a 407 (Proxy Authentication Required) response."
>> 
>> EDITORIAL - same as above.
> 
> Please confirm:
> 
>   Likewise, upon a request that requires authentication by proxies that
>   omit credentials, or contain invalid or partial credentials, a proxy
>   SHOULD return a 407 (Proxy Authentication Required) response.  Such
>   responses MUST include a Proxy-Authenticate header field containing a
>   (possibly new) challenge applicable to the proxy.

OK.

--
Mark Nottingham   http://www.mnot.net/
Received on Sunday, 24 June 2012 00:19:10 GMT