FYI. - Jim Begin forwarded message: > From: Nicolas Williams <Nicolas.Williams@sun.com> > Date: January 5, 2006 11:10:19 AM PST > To: Lisa Dusseault <lisa@osafoundation.org> > Cc: Joe Orton <joe@manyfish.co.uk>, HTTP authentication list <ietf- > http-auth@osafoundation.org>, webdav WG <w3c-dist-auth@w3.org> > Subject: [Moderator Action] Re: [Ietf-http-auth] Clients desiring > to authenticate > > > > On Thu, Jan 05, 2006 at 10:33:13AM -0800, Lisa Dusseault wrote: >> I do agree both of the approaches outlined in the current appendix >> are >> hacks. We had previously specified a non-hack approach -- a >> "Force-Authentication" request header flag that indicated the client >> might have authorization information which it could provide if >> only the >> server sent a challenge. > > It's not necessarily easy for the server to know that a client would > have more access were it to authenticate (at all, differently), though > it's safe to assume that it might. > > I think this is the identity selection problem, which I did not think > this list was intended to tackle. > > Nico > --Received on Thursday, 5 January 2006 19:25:03 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 12 October 2007 17:53:25 GMT