I believe these are all editorial issues. * 2 Access Authentication Framework - It would be good to highlight that this framework serves two distinct purposes -- authentication to origin servers, and authentication to proxies -- and to adjust the language as appropriate to link back to these (e.g., to use the phrase "proxy authentication" in 4.2 Proxy-Authenticate, where it is now only implied). * 2.1 Challenge and Response - The fact that proxy authentication is hop-by-hop is buried down in the definition of the headers. It would be good to surface it here. * 2.1 Challenge and Response - Some examples would be helpful. * 2.1 Challenge and Response - "Many browsers..." --> "Many user-agents..." * 2.2 Protection Space (Realm) - "If a prior request has been authorized, the same credentials MAY be reused for all other requests within that protection space..." 'reused' is ill-defined here, and it's not clear who the requirement applies to. Suggest: "If a prior request has been authorized into a protection space, clients MAY optimistically send the same credentials to other resources in that protection space..." -- Mark Nottingham http://www.mnot.net/Received on Thursday, 15 March 2012 23:55:27 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:57 GMT