- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Wed, 30 Oct 2013 16:13:41 +0100
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: ietf-http-wg@w3.org
* Julian Reschke wrote: >On 2013-10-30 15:40, Bjoern Hoehrmann wrote: >> The intent may have been to emphasise that having only one challenge per >> WWW-Authenticate header does not mean no special care has to be taken. I >> agree that it can be confusing; replacing the sub clause by "and" should >> be fine. > >Not sure what your proposal is. s/if more than one WWW-Authenticate header field is provided/and/ would be a minimal solution that addresses the problem. >How about: > >"User agents are advised to take special care in parsing the >WWW-Authenticate header field, as each field value can contain more than >one challenge, and the header field itself can occur multiple times. >Furthermore, the contents of a single challenge can contain a >comma-separated list of authentication parameters." That would also work, but editorially it would be better to keep the two comma cases together (comma separates challenges; comma separates para- meters in challenges; then mention multiple headers). -- Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de 25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
Received on Wednesday, 30 October 2013 15:14:16 UTC