Michael Wechner wrote on 06/30/06 06:55: > > right, this might makes sense for formats. But I would argue with > another usecase, namely Custom Authentication > instead of HTTP authentication (BASIC or DIGEST). > > Let's assume a resource is protected and a server would like to offer > custom authentication, e.g. it would send > a HTML to a regular browser and some WebDAV specific XML to a WebDAV > enabled client, whereas I haven't digged into > WebDAV far enough how something like this could be handled by the WebDAV > spec. Authentication is independent of the response body. It is all done in the HTTP headers. Nothing prevents a client to send an Authorization header without receiving a 401 response beforehand (RFC 2616, section 14.8.) And servers are free to send multiple WWW-Authenticate headers, for each one of the authentication schemes they support (for example, IIS can indicate support for the custom NTLM authentication.) So, I still fail to see what the problem is. -JoeReceived on Friday, 30 June 2006 14:30:43 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 12 October 2007 17:53:26 GMT