- From: Mark Nottingham <mnot@mnot.net>
- Date: Fri, 20 Feb 2015 15:15:08 +1100
- To: Hervé Ruellan <Herve.Ruellan@crf.canon.fr>
- Cc: ietf-http-wg@w3.org
Now <https://github.com/httpwg/http-extensions/issues/49>. Cheers, > On 18 Feb 2015, at 11:37 pm, Hervé Ruellan <Herve.Ruellan@crf.canon.fr> wrote: > > I think the purpose of the headers should be made more consistent across the document. > In the Introduction, they are used to "return additional information during or after authentication", while in 3, the Authentication-Info header is used to "communicate additional information regarding the successful authentication". > > DIGEST use it in an optional manner, to convey additional information after a successful authentication. > Scram is using it in a mandatory manner, to finalize the authentication, by conveying information for authenticating the server. > > I think that Authentication-Info should be used by the server once the client is authenticated (i.e. the status code is not 401), to either convey additional information or finalize the authentication. > > I created a pull request in this direction: > https://github.com/httpwg/http-extensions/pull/47 > > Hervé. > > On 02/10/2015 11:59 PM, Mark Nottingham wrote: >> Everyone, >> >> Julian believes (with his editor hat on) that this is ready. As discussed, this is a simple document to pull the Authentication-Info and Proxy-Authentication-Info header fields out of 2617, so that they’re not associated with a particular authentication scheme (thereby avoiding lots of scheme-specific headers). >> >> Therefore, this is the announcement of WGLC for: >> https://tools.ietf.org/html/draft-ietf-httpbis-auth-info-02 >> >> Please review the document carefully, and comment on this list. >> >> WGLC will end on 25 February. >> >> Cheers, >> >> -- >> Mark Nottingham https://www.mnot.net/ >> >> >> >> >> > -- Mark Nottingham https://www.mnot.net/
Received on Friday, 20 February 2015 04:15:38 UTC