On Wed, 10 May 1995, Roy T. Fielding wrote: > should be some form of "Authorization Refused", but we seem to be lacking > one of those. Do we need one? Password expired is certainly a specific case where we can anticipate that UA might desire to interpret the error and enter into a local dialog with the user to obtain a new value. Though a general "Authorization Refused: Expired" rather than specific "password expired" would seen appropriate. It may be that a certificate from a trusted source has expired and the UA might simply obtain a new certificate. For discussion, let me sugggest a few reason codes which might result in UA action: expired -- as above unknown user : user is not known - some non UNIX systems differentiate between user and password error unknown authority : certificate authority is unknown, etc. invalid : combination ... typical UNIX login refusal invalid password resources exhausted : for example insufficient funds use count limit : a certificate might allow 1 or limited uses (like a movie theatre ticket or permission to copy) In general, I would hope a UA would lead the user thru the resolution or even provide the resolution. Dave MorrisReceived on Friday, 12 May 1995 10:25:48 UTC
This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:42:55 UTC