- From: Alex Hopmann <hopmann@holonet.net>
- Date: Wed, 9 Aug 1995 12:40:21 -0700
- To: Roy Fielding <fielding@beach.w3.org>, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Various people wrote:
>>> The same applies to Authorization.
>>
>>Let's go for the alternative. Breaking all existing implementations of
>>something like this seems unnecessary. If you *must* go for semicolons,
>>define a new header.
>
>Keep in mind that existing clients will not recognize the new header.
>That may not be a problem if both are provided, but will remain a problem
>for the Authorization field.
>
>Another alternative would be to forbid multiple schemes per resource,
>or require that applications parse the AA fields such that they can
>recover gracefully from unexpected folding.
>
>Perhaps the latter would be best for 1.0?
The only thing is that I have been seeing multiple WWW-Authenticate: fields
all over the net. If a server wants to inform clients that it will accept
multiple authorization schemes for a resources, it really seems to be
"current pratice" that the server include multiple WWW-Authenticate fields
rather than one WWW-Authenticate with several semicolon separated entries.
Does anyone else have any ideas about the WWW-Authenticate problem? I
believe that this is a key issue if we want to see DIGEST authentication
deployed.
Alex Hopmann
ResNova Software, Inc.
hopmann@holonet.net
on (note that I created the fragment ids by hand)
is more stable. I will try to transfer the fragments to each version.
When it becomes an RFC, I'll do a completely-hyperized version for
posterity. ;-)
....Roy T. Fielding Department of ICS, University of California, Irvine USA
Visiting Scholar, MIT/LCS + World-Wide Web Consortium
(fielding@w3.org) (fielding@ics.uci.edu)
rtment of ICS, University of California, Irvine USA
Visiting Scholar, MIT/LCS + World-Wide Web Consortium
(fielding@w3.org) (fielding@ics.uci.edu)
Received on Wednesday, 9 August 1995 13:05:59 UTC