- From: Eric W. Sink <eric@rafiki.spyglass.com>
- Date: Wed, 9 Aug 1995 11:15:40 -0500
- To: Roy Fielding <fielding@beach.w3.org>
- Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
>I would like to avoid getting too involved in >the debate over portions of the 1.0 draft, except where it becomes >necessary to describe the thinking behind some of the recent changes. Given the number of surprise changes and objectionable ones at that, I believe this is unrealistic. >3) WWW-Authenticate > > The new spec now uses semicolon to separate parameters -- keeping > it as comma-separated would prevent people from using more than > one AA scheme per resource. This will break existing implementations > of Digest and PGP AA. One alternative is to leave WWW-Authenticate > as a fixed field (i.e., only describe it for Basic), and define a > new syntax for an Authenticate header. > > The same applies to Authorization. Let's go for the alternative. Breaking all existing implementations of something like this seems unnecessary. If you *must* go for semicolons, define a new header. -- Eric W. Sink Senior Software Engineer, Spyglass eric@spyglass.com
Received on Wednesday, 9 August 1995 09:20:59 UTC