- From: Mark Nottingham <mnot@mnot.net>
- Date: Thu, 29 Jan 2015 14:35:10 +1100
- To: Martin Thomson <martin.thomson@gmail.com>
- Cc: HTTP <ietf-http-wg@w3.org>
So, you support adopting it? Regards, > On 29 Jan 2015, at 11:21 am, Martin Thomson <martin.thomson@gmail.com> wrote: > > On 28 January 2015 at 14:45, Mark Nottingham <mnot@mnot.net> wrote: >> Julian has proposed that <http://tools.ietf.org/html/draft-reschke-httpauth-auth-info-00> be adopted by this WG, with the aim of getting to LC quickly so that it can be referenced by other efforts. > > I'd like to see the fact that this is a *response* header field more > prominent in the document. The word "return" is used, but in this > context, that's fairly ambiguous. > > More fundamentally, I see a correlation issue if clients provide > multiple *Authorization header fields. The response they receive will > contain some unaggregated name-value pairs in this header field. > > "Its semantics are defined by the applicable authentication scheme." > > I don't know how that can be interpreted in the general sense since > there isn't a way of identifying the corresponding scheme. > > And doesn't it need anti-collision machinery for the parameters? -- Mark Nottingham https://www.mnot.net/
Received on Thursday, 29 January 2015 03:35:39 UTC