Re: WGLC issue: token68 in p7

From: Amos Jeffries <squid3@treenet.co.nz>
Date: Fri, 22 Mar 2013 03:27:14 +1300
Message-ID: <514B18C2.8050202@treenet.co.nz>
To: ietf-http-wg@w3.org

On 22/03/2013 12:42 a.m., Ken Murchison wrote:
> Julian Reschke wrote:
>> On 2013-03-20 01:46, Manger, James H wrote:
>>> Björn,
>>> '=' is only allowed at the end to ensure the syntax is unambiguous.
>>> A token68 value can only be distinguished from an auth-param
>>> (token = (token / quoted-string)) due to this restriction.
>>> Let's keep token68 as it is.
>>> -- 
>>> James Manger
>>> ...
>> As far as I can tell, if a given scheme always uses token68 (such as 
>> the Basic credentials), it's not necessary to be able to distinguish.
>> We added token68 for "Basic". Basic only needs token68 for 
>> credentials. Can somebody recall why we added it for challenges as well?
> It looks like Bearer is the scheme that screwed this up by using chars 
> outside of the base64 alphabet.

  Basic required base64 alphabet for response tokens.
  NTLM and Negotiate used that but required the tokens in both Request 
and Response.
  Bearer required extension characters to avoid base-64 encoding tokens 
that could come from weird systems like SAML and JSON with internal 
opaque format delimiters.

Received on Thursday, 21 March 2013 14:27:53 UTC
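
The ambiguity discussed in this thread, as an added example that is not part of the original messages: a small classifier for the text following an auth scheme, using the token68 and auth-param grammar from p7 (later published as RFC 7235). RELAXED68 is a hypothetical rule, not in the spec, that allows '=' anywhere, to show why the trailing-only restriction matters; the sample values are constructed.

```python
import re

# token68 = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
TOKEN68 = re.compile(r"[A-Za-z0-9\-._~+/]+=*")
# auth-param = token BWS "=" BWS ( token / quoted-string )
TCHAR = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]"
QUOTED = r'"(?:[^"\\]|\\.)*"'
AUTH_PARAM = re.compile(rf"{TCHAR}+[ \t]*=[ \t]*(?:{TCHAR}+|{QUOTED})")
# Hypothetical relaxed rule (NOT in the spec): '=' permitted in any position.
RELAXED68 = re.compile(r"[A-Za-z0-9\-._~+/=]+")


def classify(value, token68=TOKEN68):
    """Return the set of grammar productions that match the whole value."""
    matches = set()
    if token68.fullmatch(value):
        matches.add("token68")
    if AUTH_PARAM.fullmatch(value):
        matches.add("auth-param")
    return matches


# Constructed sample values, not taken from real traffic.
SAMPLES = [
    "QWxhZGRpbjpvcGVuIHNlc2FtZQ==",  # base64 with trailing padding
    "abc=",                          # single trailing '='
    'realm="example"',               # auth-param with quoted-string
    "a=b",                           # auth-param with token value
]

if __name__ == "__main__":
    for sample in SAMPLES:
        strict = sorted(classify(sample))
        relaxed = sorted(classify(sample, RELAXED68))
        note = "  <-- ambiguous under relaxed rule" if len(relaxed) > 1 else ""
        print(f"{sample!r:34} strict={strict} relaxed={relaxed}{note}")
```

With the spec's rule every sample matches exactly one production; with the relaxed rule "a=b" matches both, so a parser could not tell a token68 from the first auth-param.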