- From: Mark Nottingham <mnot@mnot.net>
- Date: Fri, 16 Mar 2012 10:55:00 +1100
- To: HTTP Working Group <ietf-http-wg@w3.org>
I believe these are all editorial issues.

* 2 Access Authentication Framework - It would be good to highlight that this framework serves two distinct purposes -- authentication to origin servers, and authentication to proxies -- and to adjust the language as appropriate to link back to these (e.g., to use the phrase "proxy authentication" in 4.2 Proxy-Authenticate, where it is now only implied).

* 2.1 Challenge and Response - The fact that proxy authentication is hop-by-hop is buried down in the definition of the headers. It would be good to surface it here.

* 2.1 Challenge and Response - Some examples would be helpful.

* 2.1 Challenge and Response - "Many browsers..." --> "Many user-agents..."

* 2.2 Protection Space (Realm) - "If a prior request has been authorized, the same credentials MAY be reused for all other requests within that protection space..." 'reused' is ill-defined here, and it's not clear who the requirement applies to. Suggest: "If a prior request has been authorized into a protection space, clients MAY optimistically send the same credentials to other resources in that protection space..."

--
Mark Nottingham http://www.mnot.net/
Received on Thursday, 15 March 2012 23:55:27 UTC