W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2012

WGLC review of p7-19

From: Mark Nottingham <mnot@mnot.net>
Date: Fri, 16 Mar 2012 10:55:00 +1100
Message-Id: <B53A4029-FF9B-4137-836A-BA3D1A0279A2@mnot.net>
To: HTTP Working Group <ietf-http-wg@w3.org>
I believe these are all editorial issues.

* 2 Access Authentication Framework - It would be good to highlight that this framework serves two distinct purposes -- authentication to origin servers, and authentication to proxies -- and to adjust the language as appropriate to link back to these (e.g., to use the phrase "proxy authentication" in 4.2 Proxy-Authenticate, where it is now only implied).

* 2.1 Challenge and Response - The fact that proxy authentication is hop-by-hop is buried down in the definition of the headers. It would be good to surface it here.

* 2.1 Challenge and Response - Some examples would be helpful.

* 2.1 Challenge and Response - "Many browsers..." --> "Many user-agents..."

* 2.2 Protection Space (Realm) - "If a prior request has been authorized, the same credentials MAY be reused for all other requests within that protection space..."  'reused' is ill-defined here, and it's not clear who the requirement applies to. Suggest: "If a prior request has been authorized into a protection space, clients MAY optimistically send the same credentials to other resources in that protection space..."


--
Mark Nottingham   http://www.mnot.net/
Received on Thursday, 15 March 2012 23:55:27 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:57 GMT