Re: I-D Action:draft-nottingham-http-portal-01.txt from Thomas Broyer on 2010-10-01 (ietf-http-wg@w3.org from October to December 2010)

From: Thomas Broyer <t.broyer@gmail.com>
Date: Fri, 1 Oct 2010 17:50:58 +0200
To: Mark Nottingham <mnot@mnot.net>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <AANLkTikpD=t3vTuC8gV_v_ayvtcfUngzrrNKOyrH60TW@mail.gmail.com>

On Thu, Aug 19, 2010 at 7:24 AM, Mark Nottingham <mnot@mnot.net> wrote:
> FYI: now includes concrete protocol elements, etc.
>
> Begin forwarded message:
>
>> From: Internet-Drafts@ietf.org
>> Date: 18 August 2010 2:00:03 PM AEST
>> To: i-d-announce@ietf.org
>> Subject: I-D Action:draft-nottingham-http-portal-01.txt
>> Reply-To: internet-drafts@ietf.org
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>>
>>       Title           : The Network Authentication Required HTTP Status Code
>>       Author(s)       : M. Nottingham
>>       Filename        : draft-nottingham-http-portal-01.txt
>>       Pages           : 7
>>       Date            : 2010-08-17
>>
>> "Captive portals" are a commonly-deployed means of obtaining access
>> credentials and/or payment for a network.  This memo introduces a new
>> HTTP status code as a means of addressing issues found in these
>> deployments.
>>
>> This memo should be discussed on the ietf-http-wg@w3.org mailing
>> list, although it is not a work item of the HTTPbis WG.
>>
>> A URL for this Internet-Draft is:
>> http://www.ietf.org/internet-drafts/draft-nottingham-http-portal-01.txt

Seeing the example, it looks like my previous idea [1] of defining a
new "308 Unauthorized, See other" status code would be better served
with a Refresh header (or HTML meta) in the
401+WWW-Authenticate:Cookie response (given that it'd be required
anyway, as only Safari honors the redirect).

(and it looks like it was my conclusion at that time... [2] I don't
know why I pursued the idea a few months later! [3])

Is the Refresh header field defined somewhere? (the meta refresh is
defined in HTML, including HTML5 [4], but how about the HTTP header?
–that might have been the reason I kept the 308 around)

[1] http://www.w3.org/mid/a9699fd20901191502o2d0d3493u543b3cad167a7cb7@mail.gmail.com
[2] http://www.w3.org/mid/a9699fd20902010225h29b09c9byc7f3b58214829afe@mail.gmail.com
[3] http://hg.ltgt.net/http-cookie-auth/rev/d786cfe607a4
[4] http://www.w3.org/TR/html5/semantics.html#attr-meta-http-equiv-refresh

-- 
Thomas Broyer
/tɔ.ma.bʁwa.je/

Received on Friday, 1 October 2010 15:58:05 UTC