Multiple Proxy-Authenticate challenges? from Gisle Aas on 1998-04-02 (ietf-http-wg@w3.org from April to June 1998)

From: Gisle Aas <gisle@aas.no>
Date: Thu, 2 Apr 1998 16:34:53 +0100 (BST)
To: http-wg@cuckoo.hpl.hp.com
Message-Id: <m3btukfhvk.fsf@furu.g.aas.no>

Is there a good reason why WWW-Authenticate can have multiple
challenges while Proxy-Authenticate can't?

draft-ietf-http-v11-spec-rev-03:

>         Proxy-Authenticate  = "Proxy-Authenticate" ":" challenge
>         WWW-Authenticate  = "WWW-Authenticate" ":" 1#challenge

I also think that the following sentence from the description of
WWW-Authenticate fits better if moved to the draft-ietf-http-authentication
document as it is the one that define "challenge".

>                                                          User agents
>  MUST take special care in parsing the WWW-Authenticate field value if it
>  contains more than one challenge, or if more than one WWW-Authenticate
>  header field is provided, since the contents of a challenge may itself
>  contain a comma-separated list of authentication parameters.


Regards,
Gisle

Received on Friday, 3 April 1998 02:04:33 UTC