- From: Julian Reschke <julian.reschke@greenbytes.de>
- Date: Thu, 29 Jan 2015 08:41:13 +0100
- To: Martin Thomson <martin.thomson@gmail.com>, Mark Nottingham <mnot@mnot.net>
- CC: HTTP <ietf-http-wg@w3.org>
On 2015-01-29 01:21, Martin Thomson wrote:
> On 28 January 2015 at 14:45, Mark Nottingham <mnot@mnot.net> wrote:
>> Julian has proposed that <http://tools.ietf.org/html/draft-reschke-httpauth-auth-info-00> be adopted by this WG, with the aim of getting to LC quickly so that it can be referenced by other efforts.
>
> I'd like to see the fact that this is a *response* header field more
> prominent in the document. The word "return" is used, but in this
> context, that's fairly ambiguous.

Will do.

(Which reminds me that in the list of considerations for new header fields in 7231, most apply to request header fields; we may want to restructure that text in the future)

> More fundamentally, I see a correlation issue if clients provide
> multiple *Authorization header fields. The response they receive will
> contain some unaggregated name-value pairs in this header field.
>
> "Its semantics are defined by the applicable authentication scheme."
>
> I don't know how that can be interpreted in the general sense since
> there isn't a way of identifying the corresponding scheme.
>
> And doesn't it need anti-collision machinery for the parameters?

See Yutaka's answer.

Best regards,
Julian
Received on Thursday, 29 January 2015 07:41:44 UTC