- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Wed, 30 Oct 2013 17:25:07 +0100
- To: Stephen Kent <kent@bbn.com>, secdir <secdir@ietf.org>, fielding@gbiv.com, mnot@pobox.com, Barry Leiba <barryleiba@computer.org>, Pete Resnick <presnick@qti.qualcomm.com>, "Mankin, Allison" <amankin@verisign.com>, HTTP Working Group <ietf-http-wg@w3.org>

On 2013-10-29 20:35, Stephen Kent wrote:
> ...
> In Section 2.2 the text says:
> > The protection space determines the domain over which credentials can
> > be automatically applied. If a prior request has been authorized,
> > the user agent MAY reuse the same credentials for all other requests
> > within that protection space for a period of time determined by the
> > authentication scheme, parameters, and/or user preference.
>
> I’m not clear how user preferences fit into this process. It would seem
> that the server would decide whether a prior authorization is valid for
> later requests, not a user.
> ...

Of course it's up to the server to accept or reject it. The text you cite is about the user agent deciding whether it can try to use the credentials.

Does this require a clarification?

Best regards, Julian

Received on Wednesday, 30 October 2013 16:25:39 UTC
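
The user-agent side of the behaviour discussed in this message, as an added example that is not part of the original e-mail or the draft: a credential cache keyed by protection space (the server's root URI plus the realm), where a user preference caps how long stored credentials may be tried again. `CredentialCache`, `root_uri` and `max_age_seconds` are hypothetical names, and the cache only decides what the user agent may send; the server still accepts or rejects it.

```python
import time
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def root_uri(url):
    """Canonical root URI (scheme, host, port) of the server being accessed."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return (scheme, parts.hostname.lower(), parts.port or DEFAULT_PORTS[scheme])


class CredentialCache:
    """User-agent cache keyed by protection space: (root URI, realm)."""

    def __init__(self, max_age_seconds, clock=time.monotonic):
        self.max_age = max_age_seconds  # assumed user-preference setting
        self.clock = clock
        self._by_space = {}  # (root, realm) -> (credentials, stored_at)

    def store(self, url, realm, credentials):
        """Remember credentials after the server authorized a request."""
        self._by_space[(root_uri(url), realm)] = (credentials, self.clock())

    def lookup(self, url, realm):
        """Return credentials the user agent may try for this space, or None."""
        key = (root_uri(url), realm)
        entry = self._by_space.get(key)
        if entry is None:
            return None  # different protection space: never reuse
        credentials, stored_at = entry
        if self.clock() - stored_at > self.max_age:
            del self._by_space[key]  # preference expired: prompt the user again
            return None
        return credentials

    def forget(self, url, realm):
        """Drop credentials once the server has rejected them on reuse."""
        self._by_space.pop((root_uri(url), realm), None)
```
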