- From: David - Morris <dwm@shell.portal.com>
- Date: Fri, 12 May 1995 10:23:13 -0700 (PDT)
- To: http working group <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>
On Wed, 10 May 1995, Roy T. Fielding wrote:
> should be some form of "Authorization Refused", but we seem to be lacking
> one of those. Do we need one?
Password expired is certainly a specific case where we can anticipate
that UA might desire to interpret the error and enter into a local
dialog with the user to obtain a new value. Though a general
"Authorization Refused: Expired" rather than specific "password expired"
would seen appropriate. It may be that a certificate from a trusted
source has expired and the UA might simply obtain a new certificate.
For discussion, let me sugggest a few reason codes which might result
in UA action:
expired -- as above
unknown user : user is not known - some non UNIX systems
differentiate between user and password error
unknown authority : certificate authority is unknown, etc.
invalid : combination ... typical UNIX login refusal
invalid password
resources exhausted : for example insufficient funds
use count limit : a certificate might allow 1 or limited uses
(like a movie theatre ticket or permission to
copy)
In general, I would hope a UA would lead the user thru the resolution
or even provide the resolution.
Dave Morris
Received on Friday, 12 May 1995 10:25:48 UTC