W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: #516 note about WWW-A parsing potentially misleading

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Wed, 30 Oct 2013 16:13:41 +0100
To: Julian Reschke <julian.reschke@gmx.de>
Cc: ietf-http-wg@w3.org
Message-ID: <i48279poq59nbhrjr0j30hld30a87t1k37@hive.bjoern.hoehrmann.de>
* Julian Reschke wrote:
>On 2013-10-30 15:40, Bjoern Hoehrmann wrote:
>> The intent may have been to emphasise that having only one challenge per
>> WWW-Authenticate header does not mean no special care has to be taken. I
>> agree that it can be confusing; replacing the sub clause by "and" should
>> be fine.
>Not sure what your proposal is.

s/if more than one WWW-Authenticate header field is provided/and/ would
be a minimal solution that addresses the problem.

>How about:
>"User agents are advised to take special care in parsing the
>WWW-Authenticate header field, as each field value can contain more than 
>one challenge, and the header field itself can occur multiple times. 
>Furthermore, the contents of a single challenge can contain a
>comma-separated list of authentication parameters."

That would also work, but editorially it would be better to keep the two
comma cases together (comma separates challenges; comma separates para-
meters in challenges; then mention multiple headers).
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 
Received on Wednesday, 30 October 2013 15:14:16 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:19 UTC