p7: editorial suggestions

* 2.1 "It uses an extensible, case-insensitive token..."  I know what's meant here, but the token itself isn't extensible; it's an extension point. Suggest: "It uses a case-insensitive token as a means to identify..."

* 2.1 "...based upon a challenge received from the server..." --> "...based upon a challenge received in a response"  ("from the server" implies that the next inbound server generated the challenge, which isn't always the case).

* 2.2 "Note that there can be multiple challenges with the same auth-scheme..." --> "Note that a response can have multiple challenges..."

* 2.2 "Unless otherwise defined by the authentication scheme,..." --> "Unless specifically allowed by the authentication scheme..."

* 2.3.1 "... can only be used once per challenge/credentials."  --> "...once in a challenge or credential."

* 2.3.1 needs references to p6 for cache-control directives it talks about.

* 3.1 "The client MAY repeat the request with a new or replaced Authorization header field."  s/client/user agent/

* 4.1 'The "Authorization" header field allows a user agent to authenticate itself with a server...'   s/server/origin server/

* 4.3 "Its value consists of credentials containing the authentication information of the user agent for the proxy..."   s/user agent/client/

* 6.2 First paragraph - all instances of 'server' to 'origin server'

* 6.2 "This is of particular concern when a server hosts resources for multiple parties..."   s/server/origin server/

* 6.2 "...by using a different host name for each party."   s/host name/origin/   (or similar; i.e. you can do this with ports too)

--
Mark Nottingham   http://www.mnot.net/

Received on Tuesday, 23 April 2013 03:48:28 UTC