- From: Mark Nottingham <mnot@mnot.net>
- Date: Sun, 24 Jul 2011 14:06:17 -0400
- To: HTTP Working Group <ietf-http-wg@w3.org>
<http://trac.tools.ietf.org/wg/httpbis/trac/ticket/78> Proposal: 1) Clarify that WWW-Authenticate can appear on any response, and that when it appears on any other than a 401, it means that the client can optionally present the request again with a credential. and, 2) Clarify that an Authentication scheme that uses WWW-Authenticate and/or 401 MUST use the Authorization header in the request, because of its implications for caching. Schemes MAY specify additional headers to be used alongside it. -- Mark Nottingham http://www.mnot.net/
Received on Sunday, 24 July 2011 18:06:50 UTC