
Re: #516 note about WWW-A parsing potentially misleading

From: Julian Reschke <julian.reschke@gmx.de>
Date: Wed, 30 Oct 2013 16:31:11 +0100
Message-ID: <5271263F.6090004@gmx.de>
To: Bjoern Hoehrmann <derhoermi@gmx.net>
CC: ietf-http-wg@w3.org

On 2013-10-30 16:13, Bjoern Hoehrmann wrote:
> * Julian Reschke wrote:
>> On 2013-10-30 15:40, Bjoern Hoehrmann wrote:
>>> The intent may have been to emphasise that having only one challenge per
>>> WWW-Authenticate header does not mean no special care has to be taken. I
>>> agree that it can be confusing; replacing the sub clause by "and" should
>>> be fine.
>>
>> Not sure what your proposal is.
>
> s/if more than one WWW-Authenticate header field is provided/and/ would
> be a minimal solution that addresses the problem.
>
>> How about:
>>
>> "User agents are advised to take special care in parsing the
>> WWW-Authenticate header field, as each field value can contain more than
>> one challenge, and the header field itself can occur multiple times.
>> Furthermore, the contents of a single challenge can contain a
>> comma-separated list of authentication parameters."
>
> That would also work, but editorially it would be better to keep the two
> comma cases together (comma separates challenges; comma separates
> parameters in challenges; then mention multiple headers).

Yup.

"User agents are advised to take special care in parsing the
WWW-Authenticate header field, as each field value can contain more than
one challenge, and each challenge can contain a comma-separated list of 
authentication parameters. Furthermore, the header field itself can 
occur multiple times."

Best regards, Julian
Received on Wednesday, 30 October 2013 15:31:41 UTC
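
The three cases named in the proposed text (comma between challenges, comma between authentication parameters, repeated header field), as an added parsing example that is not part of the original message or of the specification text. The function names and sample values are constructed for illustration, and the syntax assumed is the usual token / quoted-string / token68 form of a challenge.

```python
import re

TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\]|\\.)*"'
PARAM = re.compile(rf"({TOKEN})\s*=\s*({TOKEN}|{QUOTED})")
SCHEME = re.compile(rf"({TOKEN})(?:\s+(.*))?", re.S)
TOKEN68 = re.compile(r"[A-Za-z0-9\-._~+/]+=*")
ITEM = re.compile(rf'((?:{QUOTED}|[^",])*)(?:,|\Z)')

def split_list(value):
    """Split a field value on commas that are outside quoted-strings."""
    items, pos = [], 0
    while pos < len(value):
        m = ITEM.match(value, pos)
        if not m:
            raise ValueError("unterminated quoted-string")
        items.append(m[1].strip())
        pos = m.end()
    return [i for i in items if i]  # empty list elements are ignored

def add_param(challenge, match):
    name, value = match.groups()
    if value.startswith('"'):
        value = re.sub(r"\\(.)", r"\1", value[1:-1])  # undo quoted-pair escapes
    challenge["params"][name.lower()] = value

def parse_challenges(field_values):
    """field_values: one string per WWW-Authenticate header line received."""
    out = []
    for item in (i for v in field_values for i in split_list(v)):
        if m := PARAM.fullmatch(item):  # bare name=value continues the current challenge
            if not out or out[-1]["token68"]:
                raise ValueError(f"parameter without a challenge: {item!r}")
            add_param(out[-1], m)
            continue
        m = SCHEME.fullmatch(item)  # anything else has to open a new challenge
        if not m:
            raise ValueError(f"malformed list element: {item!r}")
        out.append({"scheme": m[1], "token68": None, "params": {}})
        if m[2] and (p := PARAM.fullmatch(m[2])):
            add_param(out[-1], p)
        elif m[2] and TOKEN68.fullmatch(m[2]):
            out[-1]["token68"] = m[2]
        elif m[2]:
            raise ValueError(f"malformed challenge: {item!r}")
    return out

# Constructed sample: two header lines, three challenges, a comma inside a quoted-string.
SAMPLE = ['Newauth realm="apps, staging", type=1, Basic realm="simple"', "Negotiate"]
```

A plain `split(",")` on the first sample line yields four pieces, none of which maps cleanly onto its two challenges; rejecting malformed input instead of guessing keeps a client from selecting a scheme the server did not offer.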
