W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2015

Re: Call for adoption: draft-reschke-httpauth-auth-info-00

From: Mark Nottingham <mnot@mnot.net>
Date: Thu, 29 Jan 2015 14:35:10 +1100
Cc: HTTP <ietf-http-wg@w3.org>
Message-Id: <1D3A9CC0-B741-4C2A-BBC9-6D57A4A4BB49@mnot.net>
To: Martin Thomson <martin.thomson@gmail.com>
So, you support adopting it?


> On 29 Jan 2015, at 11:21 am, Martin Thomson <martin.thomson@gmail.com> wrote:
> On 28 January 2015 at 14:45, Mark Nottingham <mnot@mnot.net> wrote:
>> Julian has proposed that <http://tools.ietf.org/html/draft-reschke-httpauth-auth-info-00> be adopted by this WG, with the aim of getting to LC quickly so that it can be referenced by other efforts.
> I'd like to see the fact that this is a *response* header field more
> prominent in the document.  The word "return" is used, but in this
> context, that's fairly ambiguous.
> More fundamentally, I see a correlation issue if clients provide
> multiple *Authorization header fields.  The response they receive will
> contain some unaggregated name-value pairs in this header field.
>  "Its semantics are defined by the applicable authentication scheme."
> I don't know how that can be interpreted in the general sense since
> there isn't a way of identifying the corresponding scheme.
> And doesn't it need anti-collision machinery for the parameters?

Mark Nottingham   https://www.mnot.net/
Received on Thursday, 29 January 2015 03:35:39 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:42 UTC