- From: Mark Nottingham <mnot@mnot.net>
- Date: Fri, 23 Dec 2011 22:21:31 -0500
- To: Larry Masinter <masinter@adobe.com>
- Cc: Karl Dubost <karld@opera.com>, "julian.reschke@gmx.de" <julian.reschke@gmx.de>, HTTP Working Group <ietf-http-wg@w3.org>
On 15/12/2011, at 7:58 PM, Larry Masinter wrote: > ..., it would be helpful if you could identify *specific* parts of the documents where it's important to distinguish between at-the-keyboard-now and at-the-keyboard-sometime. > > As I said, I think the problem is less with the HTTP documents than it is with other specification writers who are not careful to distinguish client-with-user and autonomous clients. But... > > > http://tools.ietf.org/html/draft-ietf-httpbis-p7-auth-17 > > > o Clients which have been idle for an extended period following > which the server might wish to cause the client to reprompt the > user for credentials. > > > "if they have one"? The server causes the client to??? > > > If the 401 response contains the same challenge as the > prior response, and the user agent has already attempted > authentication at least once, then the user SHOULD be presented the > representation that was given in the response, since that > representation might include relevant diagnostic information. > > > Getting terminology wrong leads to thinks. Thanks Larry, I think that's a bug. -- Mark Nottingham http://www.mnot.net/
Received on Saturday, 24 December 2011 03:22:08 UTC