W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2013

Re: WGLC issue: token68 in p7

From: Amos Jeffries <squid3@treenet.co.nz>
Date: Fri, 22 Mar 2013 03:27:14 +1300
Message-ID: <514B18C2.8050202@treenet.co.nz>
To: ietf-http-wg@w3.org
On 22/03/2013 12:42 a.m., Ken Murchison wrote:
> Julian Reschke wrote:
>> On 2013-03-20 01:46, Manger, James H wrote:
>>> Björn,
>>>
>>> '=' is only allowed at the end to ensure the syntax is unambiguous.
>>> A token68 value can only be distinguished from an auth-param
>>> (token = (token / quoted-string)) due to this restriction.
>>>
>>> Let's keep token68 as it is.
>>>
>>> -- 
>>> James Manger
>>> ...
>>
>> As far as I can tell, if a given scheme always uses token68 (such as 
>> the Basic credentials), it's not necessary to be able to distinguish.
>>
>> We added token68 for "Basic". Basic only needs token68 for 
>> credentials. Can somebody recall why we added it for challenges as well?
>
> It looks like Bearer is the scheme that screwed this up by using chars 
> outside of the base64 alphabet.
>

Yes.
  Basic required base64 alphabet for response tokens.
  NTLM and Negotiate used that but required the tokens in both Request 
and Response.
  Bearer required extension characters to avoid base-64 encoding tokens 
that could come from weird systems like SAML and JSON with internal 
opaque format delimiters.

Amos
Received on Thursday, 21 March 2013 14:27:53 GMT

This archive was generated by hypermail 2.3.1 : Thursday, 21 March 2013 14:27:59 GMT