RE: [OAUTH-WG] OAuth and HTTP caching

> -----Original Message-----
> From: Roy T. Fielding []
> Sent: Tuesday, September 22, 2009 10:09 AM

> Just follow the HTTP spec.

That what I am trying to figure out...

Does the HTTP spec mandates that new authentication protocols use the WWW-Authenticate and Authorization headers? Are the headers required for existing caches and servers to operate properly? If they are not included in authenticated requests, are there other requirements to make sure it doesn't break existing deployment?



Received on Tuesday, 22 September 2009 17:25:25 UTC