- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Fri, 1 Feb 2008 15:17:15 -0800
- To: Paul Leach <paulle@windows.microsoft.com>
- Cc: Paul Hoffman <paul.hoffman@vpnc.org>, HTTP Working Group <ietf-http-wg@w3.org>

On Feb 1, 2008, at 2:39 PM, Paul Leach wrote:

> [Paul Leach] Are you taking into account that, after an FBA,
> subsequent requests to the same site are authorized by a cookie
> (i.e., they have no auth headers at all), whereas with Basic every
> request has an auth header?

It doesn't make any difference either way. The notion that authenticated HTTP requests are almost entirely based on FBA is absurd. It ignores the fact that most HTTP requests aren't even made by browsers.

....Roy

Received on Friday, 1 February 2008 23:17:10 UTC