- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Wed, 28 Jan 2015 16:21:45 -0800
- To: Mark Nottingham <mnot@mnot.net>
- Cc: HTTP <ietf-http-wg@w3.org>

On 28 January 2015 at 14:45, Mark Nottingham <mnot@mnot.net> wrote:
> Julian has proposed that <http://tools.ietf.org/html/draft-reschke-httpauth-auth-info-00> be adopted by this WG, with the aim of getting to LC quickly so that it can be referenced by other efforts.

I'd like to see the fact that this is a *response* header field more prominent in the document. The word "return" is used, but in this context, that's fairly ambiguous.

More fundamentally, I see a correlation issue if clients provide multiple *Authorization header fields. The response they receive will contain some unaggregated name-value pairs in this header field.

"Its semantics are defined by the applicable authentication scheme." I don't know how that can be interpreted in the general sense since there isn't a way of identifying the corresponding scheme.

And doesn't it need anti-collision machinery for the parameters?

Received on Thursday, 29 January 2015 00:22:13 UTC
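
The correlation concern raised in the message above, as an added example that is not part of the original message or of the draft: the field value is parsed as a flat list of auth-params with no scheme token, and each parameter is then matched against the schemes a client sent credentials for. The Digest parameter names are those of RFC 2617; the `ExampleToken` scheme, its parameters and the sample field value are constructed for illustration.

```python
import re

TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
# auth-param = token "=" ( token / quoted-string ), comma separated; no scheme name.
_PARAM = re.compile(
    r'\s*(' + TOKEN + r')\s*=\s*(?:"((?:[^"\\]|\\.)*)"|(' + TOKEN + r'))\s*(?:,|$)'
)

def parse_auth_info(value):
    """Parse an Authentication-Info field value into ordered (name, value) pairs."""
    pairs, pos = [], 0
    while pos < len(value):
        m = _PARAM.match(value, pos)
        if not m:
            raise ValueError(f"malformed auth-param at offset {pos}")
        name, quoted, token = m.groups()
        # Undo quoted-pair escaping inside quoted-string values.
        val = re.sub(r"\\(.)", r"\1", quoted) if quoted is not None else token
        pairs.append((name.lower(), val))
        pos = m.end()
    return pairs

# Digest names are from RFC 2617; "ExampleToken" is a hypothetical scheme.
SCHEME_PARAMS = {
    "Digest": {"nextnonce", "qop", "rspauth", "cnonce", "nc"},
    "ExampleToken": {"nextnonce", "expires"},
}

def attribute(pairs, schemes_sent):
    """Map each parameter name to the sent schemes that define that name."""
    return {
        name: sorted(s for s in schemes_sent if name in SCHEME_PARAMS.get(s, ()))
        for name, _ in pairs
    }

def unattributable(pairs, schemes_sent):
    """Names that zero or several of the sent schemes claim: no unique owner."""
    owners = attribute(pairs, schemes_sent)
    return sorted(n for n, s in owners.items() if len(s) != 1)

# Constructed sample response field value.
SAMPLE = 'nextnonce="f3a1, 9c", qop=auth, nc=00000001, expires=3600'

if __name__ == "__main__":
    pairs = parse_auth_info(SAMPLE)
    print(attribute(pairs, ["Digest", "ExampleToken"]))
    print(unattributable(pairs, ["Digest", "ExampleToken"]))
```
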