W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2014

Re: 401 ("unauthenticated" v.s. "unauthorized")

From: Julian Reschke <julian.reschke@gmx.de>
Date: Wed, 04 Jun 2014 07:10:48 +0200
Message-ID: <538EAA58.1040705@gmx.de>
To: grahame@healthintersections.com.au, Wenbo Zhu <wenboz@google.com>
CC: HTTP Working Group <ietf-http-wg@w3.org>
Hi there,

I agree that this requires clarification, but it is too late for RFC 7235.

That being said, it would be good to have a single place for proposed 
future changes. My proposal would be to keep using the SVN Trac instance 
for that.

Best regards, Julian

On 2014-06-03 23:39, Grahame Grieve wrote:
> I think that this an attempt to propose clarification, which is good,
> because this is confusing:
>
> The 401 (Unauthorized) status code indicates that the request has not
>     been applied because it lacks valid authentication credentials for
>     the target resource
>
>
> A server that receives valid credentials which are not adequate to
>     gain access ought to respond with the 403 (Forbidden) status code
>     (Section 6.5.3 of [Part2  <http://tools.ietf.org/html/draft-ietf-httpbis-p7-auth-26#ref-Part2>])
>
>
> There's rather an overlap between those, and consequently quite a lack of
>
> clarity about which should be used when.
>
>
> Grahame
>
>
>
>
> On Wed, Jun 4, 2014 at 7:25 AM, Wenbo Zhu <wenboz@google.com
> <mailto:wenboz@google.com>> wrote:
>
>     Just ping the group and see if we may consider renaming 401 as
>     "unauthenticated", to be exact.
>
>     http://tools.ietf.org/html/draft-ietf-httpbis-p7-auth-26#section-2.1
>
>     Thanks,
>     Wenbo
>
>
>
>
> --
> -----
> http://www.healthintersections.com.au /
> grahame@healthintersections.com.au
> <mailto:grahame@healthintersections.com.au>
Received on Wednesday, 4 June 2014 05:11:21 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:31 UTC