Re: HTTP status code for "Password Expired"? from Roy T. Fielding on 1995-05-11 (ietf-http-wg@w3.org from April to June 1995)

From: Roy T. Fielding <fielding@avron.ICS.UCI.EDU>
Date: Wed, 10 May 1995 19:49:26 -0700
To: matthew noell <matt@caladan.sps.mot.com>
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <9505101949.aa15400@paris.ics.uci.edu>

> After reviewing the HTTP/1.0 draft I was unable to find in the status
> codes section anything which I could use to report access authorization has
> been denied because the password given has expired.

There is not a separate status code for every possible error condition;
instead, there are codes for classes of problems and the content of the
message is used to explain the exact reason.  In this case, the response
should be some form of "Authorization Refused", but we seem to be lacking
one of those.  Do we need one?

In the mean time, use

   403 Forbidden

and include an explanation in the message body.

 ....Roy T. Fielding  Department of ICS, University of California, Irvine USA
                                       <fielding@ics.uci.edu>
                      <URL:http://www.ics.uci.edu/dir/grad/Software/fielding>

Received on Wednesday, 10 May 1995 19:55:27 UTC