- From: Wenbo Zhu <wenboz@google.com>
- Date: Tue, 3 Jun 2014 23:09:40 -0700
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: grahame@healthintersections.com.au, HTTP Working Group <ietf-http-wg@w3.org>
- Message-ID: <CAD3-0rMaDHoiMAqoJK6qgLbP2BT2i9Ne9Ts3YEiKfz0vUQ9Uxg@mail.gmail.com>
On Tue, Jun 3, 2014 at 10:10 PM, Julian Reschke <julian.reschke@gmx.de> wrote: > Hi there, > > I agree that this requires clarification, but it is too late for RFC 7235. > > That being said, it would be good to have a single place for proposed > future changes. My proposal would be to keep using the SVN Trac instance > for that. > I'd be happy to file a change request for this if there is a link, or provide more background as needed. Thanks. > > Best regards, Julian > > On 2014-06-03 23:39, Grahame Grieve wrote: > >> I think that this an attempt to propose clarification, which is good, >> because this is confusing: >> >> The 401 (Unauthorized) status code indicates that the request has not >> been applied because it lacks valid authentication credentials for >> the target resource >> >> >> A server that receives valid credentials which are not adequate to >> gain access ought to respond with the 403 (Forbidden) status code >> (Section 6.5.3 of [Part2 <http://tools.ietf.org/html/ >> draft-ietf-httpbis-p7-auth-26#ref-Part2>]) >> >> >> There's rather an overlap between those, and consequently quite a lack of >> >> clarity about which should be used when. >> >> >> Grahame >> >> >> >> >> >> On Wed, Jun 4, 2014 at 7:25 AM, Wenbo Zhu <wenboz@google.com >> <mailto:wenboz@google.com>> wrote: >> >> Just ping the group and see if we may consider renaming 401 as >> "unauthenticated", to be exact. >> >> http://tools.ietf.org/html/draft-ietf-httpbis-p7-auth-26#section-2.1 >> >> Thanks, >> Wenbo >> >> >> >> >> -- >> ----- >> http://www.healthintersections.com.au / >> grahame@healthintersections.com.au >> <mailto:grahame@healthintersections.com.au> >> > >
Received on Wednesday, 4 June 2014 06:10:07 UTC