- From: Paul Leach <paulle@microsoft.com>
- Date: Fri, 3 Apr 1998 17:18:36 -0800
- To: http-wg@cuckoo.hpl.hp.com, 'Gisle Aas' <gisle@aas.no>
- Cc: 'Jim Gettys' <jg@w3.org>
none. Just forgot to update the one when I was updating the other. I'll fix it in the next draft. BTW: there isn't any good reason not to have multuple challenges for the same mechanism, either (with different realms). Jim: can we log this an an issue? > ---------- > From: Gisle Aas[SMTP:gisle@aas.no] > Sent: Friday, April 03, 1998 2:02 AM > To: http-wg@cuckoo.hpl.hp.com > Subject: Multiple Proxy-Authenticate challenges? > > Is there a good reason why WWW-Authenticate can have multiple > challenges while Proxy-Authenticate can't? > > draft-ietf-http-v11-spec-rev-03: > > > Proxy-Authenticate = "Proxy-Authenticate" ":" challenge > > WWW-Authenticate = "WWW-Authenticate" ":" 1#challenge > > I also think that the following sentence from the description of > WWW-Authenticate fits better if moved to the > draft-ietf-http-authentication > document as it is the one that define "challenge". > > > User agents > > MUST take special care in parsing the WWW-Authenticate field value if > it > > contains more than one challenge, or if more than one WWW-Authenticate > > header field is provided, since the contents of a challenge may itself > > contain a comma-separated list of authentication parameters. > > > Regards, > Gisle >
Received on Friday, 3 April 1998 17:20:56 UTC