W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 1998

RE: Multiple Proxy-Authenticate challenges?

From: Paul Leach <paulle@microsoft.com>
Date: Fri, 3 Apr 1998 17:18:36 -0800
Message-Id: <5CEA8663F24DD111A96100805FFE6587031E3D27@red-msg-51.dns.microsoft.com>
To: http-wg@cuckoo.hpl.hp.com, 'Gisle Aas' <gisle@aas.no>
Cc: 'Jim Gettys' <jg@w3.org>
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/17
none. Just forgot to update the one when I was updating the other.  I'll fix
it in the next draft.

BTW: there isn't any good reason not to have multuple challenges for the
same mechanism, either (with different realms).

Jim: can we log this an an issue?

> ----------
> From: 	Gisle Aas[SMTP:gisle@aas.no]
> Sent: 	Friday, April 03, 1998 2:02 AM
> To: 	http-wg@cuckoo.hpl.hp.com
> Subject: 	Multiple Proxy-Authenticate challenges?
> 
> Is there a good reason why WWW-Authenticate can have multiple
> challenges while Proxy-Authenticate can't?
> 
> draft-ietf-http-v11-spec-rev-03:
> 
> >         Proxy-Authenticate  = "Proxy-Authenticate" ":" challenge
> >         WWW-Authenticate  = "WWW-Authenticate" ":" 1#challenge
> 
> I also think that the following sentence from the description of
> WWW-Authenticate fits better if moved to the
> draft-ietf-http-authentication
> document as it is the one that define "challenge".
> 
> >                                                          User agents
> >  MUST take special care in parsing the WWW-Authenticate field value if
> it
> >  contains more than one challenge, or if more than one WWW-Authenticate
> >  header field is provided, since the contents of a challenge may itself
> >  contain a comma-separated list of authentication parameters.
> 
> 
> Regards,
> Gisle
> 
Received on Friday, 3 April 1998 17:20:56 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:43:05 UTC