- From: Ken Murchison <murch@andrew.cmu.edu>
- Date: Thu, 21 Mar 2013 07:42:42 -0400
- To: Julian Reschke <julian.reschke@gmx.de>
- CC: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Julian Reschke wrote: > On 2013-03-20 01:46, Manger, James H wrote: >> Björn, >> >> '=' is only allowed at the end to ensure the syntax is unambiguous. >> A token68 value can only be distinguished from an auth-param >> (token = (token / quoted-string)) due to this restriction. >> >> Let's keep token68 as it is. >> >> -- >> James Manger >> ... > > As far as I can tell, if a given scheme always uses token68 (such as the > Basic credentials), it's not necessary to be able to distinguish. > > We added token68 for "Basic". Basic only needs token68 for credentials. > Can somebody recall why we added it for challenges as well? It looks like Bearer is the scheme that screwed this up by using chars outside of the base64 alphabet. -- Kenneth Murchison Principal Systems Software Engineer Carnegie Mellon University
Received on Thursday, 21 March 2013 11:43:16 UTC