- From: Grahame Grieve <grahame@kestral.com.au>
- Date: Wed, 4 Jun 2014 07:39:22 +1000
- To: Wenbo Zhu <wenboz@google.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
Received on Tuesday, 3 June 2014 21:39:50 UTC
I think that this is an attempt to propose clarification, which is good, because this is confusing:

  The 401 (Unauthorized) status code indicates that the request has not been applied because it lacks valid authentication credentials for the target resource

  A server that receives valid credentials which are not adequate to gain access ought to respond with the 403 (Forbidden) status code (Section 6.5.3 of [Part2 <http://tools.ietf.org/html/draft-ietf-httpbis-p7-auth-26#ref-Part2>])

There's rather an overlap between those, and consequently quite a lack of clarity about which should be used when.

Grahame

On Wed, Jun 4, 2014 at 7:25 AM, Wenbo Zhu <wenboz@google.com> wrote:

> Just ping the group and see if we may consider renaming 401 as
> "unauthenticated", to be exact.
>
> http://tools.ietf.org/html/draft-ietf-httpbis-p7-auth-26#section-2.1
>
> Thanks,
> Wenbo
>

--
-----
http://www.healthintersections.com.au / grahame@healthintersections.com.au