
Re: 401 ("unauthenticated" v.s. "unauthorized")

From: Grahame Grieve <grahame@kestral.com.au>
Date: Wed, 4 Jun 2014 07:39:22 +1000
Message-ID: <CAG47hGaD61tdiPdRWf0Ss8Z8cWoPD-Cc5nF8zp+xmyOPuaWt8g@mail.gmail.com>
To: Wenbo Zhu <wenboz@google.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
I think that this is an attempt to propose clarification, which is good,
because this is confusing:

The 401 (Unauthorized) status code indicates that the request has not
   been applied because it lacks valid authentication credentials for
   the target resource

A server that receives valid credentials which are not adequate to
   gain access ought to respond with the 403 (Forbidden) status code
   (Section 6.5.3 of [Part2]
   <http://tools.ietf.org/html/draft-ietf-httpbis-p7-auth-26#ref-Part2>)

There's rather an overlap between those, and consequently quite a lack of
clarity about which should be used when.


Grahame




On Wed, Jun 4, 2014 at 7:25 AM, Wenbo Zhu <wenboz@google.com> wrote:

> Just ping the group and see if we may consider renaming 401 as
> "unauthenticated", to be exact.
>
> http://tools.ietf.org/html/draft-ietf-httpbis-p7-auth-26#section-2.1
>
> Thanks,
> Wenbo
>



-- 
-----
http://www.healthintersections.com.au / grahame@healthintersections.com.au
Received on Tuesday, 3 June 2014 21:39:50 UTC
