Re: Call for adoption: draft-reschke-httpauth-auth-info-00

So, you support adopting it?


> On 29 Jan 2015, at 11:21 am, Martin Thomson <> wrote:
> On 28 January 2015 at 14:45, Mark Nottingham <> wrote:
>> Julian has proposed that <> be adopted by this WG, with the aim of getting to LC quickly so that it can be referenced by other efforts.
> I'd like to see the fact that this is a *response* header field more
> prominent in the document.  The word "return" is used, but in this
> context, that's fairly ambiguous.
> More fundamentally, I see a correlation issue if clients provide
> multiple *Authorization header fields.  The response they receive will
> contain some unaggregated name-value pairs in this header field.
>  "Its semantics are defined by the applicable authentication scheme."
> I don't know how that can be interpreted in the general sense since
> there isn't a way of identifying the corresponding scheme.
> And doesn't it need anti-collision machinery for the parameters?

Mark Nottingham

Received on Thursday, 29 January 2015 03:35:39 UTC