- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Sat, 11 Mar 2006 11:28:38 -0800
- To: Mark Nottingham <mnot@yahoo-inc.com>
- Cc: ietf-http-wg@w3.org
On Mar 10, 2006, at 3:08 PM, Mark Nottingham wrote: > a) Is the intent of the first SHOULD to allow credential caching > (e.g., similar to [1]) in intermediaries? No, the intent is to allow credential caching in user agents (the only creatures to whom Authorization applies). The rest of the section you quoted is irrelevant overspecification of the simple fact that responses to a request containing Authorization are not shared-cacheable unless explicitly made so by the origin server header fields (that are more than adequately defined elsewhere, making those additions here confusing). ....Roy
Received on Saturday, 11 March 2006 19:39:14 UTC