W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 1998

Multiple Proxy-Authenticate challenges?

From: Gisle Aas <gisle@aas.no>
Date: Thu, 2 Apr 1998 16:34:53 +0100 (BST)
To: http-wg@cuckoo.hpl.hp.com
Message-Id: <m3btukfhvk.fsf@furu.g.aas.no>
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/13
Is there a good reason why WWW-Authenticate can have multiple
challenges while Proxy-Authenticate can't?


>         Proxy-Authenticate  = "Proxy-Authenticate" ":" challenge
>         WWW-Authenticate  = "WWW-Authenticate" ":" 1#challenge

I also think that the following sentence from the description of
WWW-Authenticate fits better if moved to the draft-ietf-http-authentication
document as it is the one that define "challenge".

>                                                          User agents
>  MUST take special care in parsing the WWW-Authenticate field value if it
>  contains more than one challenge, or if more than one WWW-Authenticate
>  header field is provided, since the contents of a challenge may itself
>  contain a comma-separated list of authentication parameters.

Received on Friday, 3 April 1998 02:04:33 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:43:05 UTC