RE: #195, was: ABNF for Authorization header not quite right from Thomas Maslen on 2011-07-28 (ietf-http-wg@w3.org from July to September 2011)

From: Thomas Maslen <Thomas.Maslen@quest.com>
Date: Thu, 28 Jul 2011 01:06:18 +0000
To: "Manger, James H" <James.H.Manger@team.telstra.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <D5847DD823005F4E9DB94FE77DCEDF680FF208FB@ALVMBXW01.prod.quest.corp>

On Wed 2011-07-27 17:45 +0700  Manger, James H <James.H.Manger@team.telstra.com> wrote:
[...]
> That is, I think a <b64> blob should only be allowed when it is the first (and only) parameter.

I agree, both for challenges and for credentials.

If some auth-scheme needs multiple base64 blobs it should use #auth-param
(i.e. key-value pairs, presumably with quoted-string values) to convey them.

I agree that NTLM, Negotiate, and even Nego2 need only a single base64 blob;
they do not need multiple base64 blobs.

Received on Thursday, 28 July 2011 01:06:57 UTC