- From: Yutaka OIWA <y.oiwa@aist.go.jp>
- Date: Mon, 14 Nov 2011 17:19:36 +0900
- To: TianLinyi <tianlinyi@huawei.com>
- Cc: Apps Discuss <apps-discuss@ietf.org>, httpbis Group <ietf-http-wg@w3.org>

401 is a specific status code for kicking in *HTTP* authentication. It requires servers to supply an appropriate WWW-Authenticate header. It does not seem to be a "general status code" in your sense.

The proposed 511 is a status code in general 5XX category, indicating that there is no way at HTTP level to successfully complete the request at this moment, due to some server-side reason. The 511 status carries a "hint", in addition to usual 5XX statuses, to clients that the provided response is not supplied directly from the requested peer, and some man-in-the-middle has refused to forward a request without some more user interactions (usually an application-level authentication or payments). Such interactions are performed in some higher protocol layer than HTTP.

2011/11/14 TianLinyi <tianlinyi@huawei.com>:
> Hi, Mark
>
> I am wondering about the relationship between "511 Network Authentication Required" and "401 Unauthorized". 401 is a general status code for requiring user authentication. However "requiring network access" may be part of the semantics of user authentication. How to clearly distinguish them?
>
> In the description it mentioned the following sentence:
>    The response representation SHOULD indicate how to do this; e.g.,
>    with an HTML form for submitting credentials.
> However, is it clear how to do this? Will it be left to implementation (e.g. the parameters included in the HTML form)?
>
> Cheers,
> Linyi
>
> On 13/11/2011, at 8:33 PM, Randall Gellens wrote:
>
>> In today's APPAREA/APPSWG session, Mark briefly talked about this
>> draft, and when mentioning the 511 code, said that his intent was not
>> to encourage captive portal interception as a technique for network
>> access authorization or authentication, but rather to reduce the harm
>> that such mechanisms cause.
>>
>> I agree with all these goals, but in looking at
>> draft-nottingham-http-new-status-03.txt, I wonder if it would be
>> helpful to add some text in section 6 that mentions some of the ill
>> effects of the method, and mentions or points to a few better
>> alternative mechanisms for authorizing network access.
>>
>> --
>> Randall Gellens
>> Opinions are personal; facts are suspect; I speak for myself only
>> -------------- Randomly selected tag: ---------------
>> Hofstadter's Law:
>> It always takes longer than you expect, even when you take
>> Hofstadter's Law into account.
>
> --
> Mark Nottingham
> http://www.mnot.net/
>
> _______________________________________________
> apps-discuss mailing list
> apps-discuss@ietf.org
> https://www.ietf.org/mailman/listinfo/apps-discuss

--
Yutaka OIWA, Ph.D.
Research Scientist
Research Center for Information Security (RCIS)
National Institute of Advanced Industrial Science and Technology (AIST)
Mail addresses: <y.oiwa@aist.go.jp>, <yutaka@oiwa.jp>
OpenPGP: id[440546B5] fp[7C9F 723A 7559 3246 229D 3139 8677 9BD2 4405 46B5]

Received on Monday, 14 November 2011 08:20:15 UTC
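
An added example, not part of the original message or of the draft: a client-side check that applies the distinction drawn in the reply above, accepting 401 as an HTTP-level challenge only when a WWW-Authenticate header is present and treating 511 as a response produced by an intermediary rather than by the requested peer. The function names, category labels and sample responses are constructed for illustration.

```python
# Added example (not from the original message). Sample responses are constructed.

def parse_head(raw: bytes):
    """Return (status_code, {lowercased header name: [values]}) for a response head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("malformed status line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return int(parts[1]), headers

def classify(raw: bytes) -> str:
    """Decide which layer has to act on a response (labels are hypothetical)."""
    status, headers = parse_head(raw)
    if status == 401:
        # 401 starts HTTP authentication, so a non-empty challenge must be present.
        if any(headers.get("www-authenticate", [])):
            return "http-auth-challenge"
        return "invalid-401-missing-challenge"
    if status == 511:
        # Hint that an intermediary, not the requested peer, produced this body:
        # hand it to the user and do not process it as the origin's content.
        return "network-intercept"
    if 500 <= status <= 599:
        return "server-error"
    return "other"

SAMPLE_401 = (b"HTTP/1.1 401 Unauthorized\r\n"
              b'WWW-Authenticate: Basic realm="constructed"\r\n\r\n')
SAMPLE_401_BARE = b"HTTP/1.1 401 Unauthorized\r\nContent-Length: 0\r\n\r\n"
SAMPLE_511 = (b"HTTP/1.1 511 Network Authentication Required\r\n"
              b"Content-Type: text/html\r\n\r\n<form>constructed login form</form>")
SAMPLE_503 = b"HTTP/1.1 503 Service Unavailable\r\n\r\n"

if __name__ == "__main__":
    for name, raw in [("401", SAMPLE_401), ("401 bare", SAMPLE_401_BARE),
                      ("511", SAMPLE_511), ("503", SAMPLE_503)]:
        print(name, "->", classify(raw))
```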