- From: Eran Hammer-Lahav <eran@hueniverse.com>
- Date: Tue, 22 Sep 2009 10:24:30 -0700
- To: "Roy T. Fielding" <fielding@gbiv.com>, John Panzer <jpanzer@google.com>
- CC: "oauth@ietf.org" <oauth@ietf.org>, "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
> -----Original Message----- > From: Roy T. Fielding [mailto:fielding@gbiv.com] > Sent: Tuesday, September 22, 2009 10:09 AM > Just follow the HTTP spec. That what I am trying to figure out... Does the HTTP spec mandates that new authentication protocols use the WWW-Authenticate and Authorization headers? Are the headers required for existing caches and servers to operate properly? If they are not included in authenticated requests, are there other requirements to make sure it doesn't break existing deployment? Thanks, HEL
Received on Tuesday, 22 September 2009 17:25:25 UTC