- From: Dan Winship <dan.winship@gmail.com>
- Date: Fri, 04 Dec 2009 09:26:40 -0500
- To: Eran Hammer-Lahav <eran@hueniverse.com>
- CC: Thomas Broyer <t.broyer@gmail.com>, "HTTP Working Group (ietf-http-wg@w3.org)" <ietf-http-wg@w3.org>
On 12/04/2009 03:01 AM, Eran Hammer-Lahav wrote: > I wasn't questioning the need to provide multiple challenges in a > single response. I was only questioning the wisdom in allowing > multiple challenges in a single header field, given the odd > combination of separators it creates. It would be nice to try and > deprecate this practice, while still requiring clients to deal > with it for backwards compatibility. This possibility was discussed before and basically rejected; see the thread starting at http://lists.w3.org/Archives/Public/ietf-http-wg/2008JulSep/0300.html. If you think OAuth is likely to be used in combination with other WWW-Authenticate methods, you should start filing bugs against browsers now :-} -- Dan
Received on Friday, 4 December 2009 14:26:58 UTC