Re: Call for adoption: draft-reschke-httpauth-auth-info-00

From: Julian Reschke <julian.reschke@greenbytes.de>
Date: Thu, 29 Jan 2015 08:41:13 +0100
Message-ID: <54C9E419.1070407@greenbytes.de>
To: Martin Thomson <martin.thomson@gmail.com>, Mark Nottingham <mnot@mnot.net>
CC: HTTP <ietf-http-wg@w3.org>

On 2015-01-29 01:21, Martin Thomson wrote:
> On 28 January 2015 at 14:45, Mark Nottingham <mnot@mnot.net> wrote:
>> Julian has proposed that <http://tools.ietf.org/html/draft-reschke-httpauth-auth-info-00> be adopted by this WG, with the aim of getting to LC quickly so that it can be referenced by other efforts.
>
> I'd like to see the fact that this is a *response* header field more
> prominent in the document.  The word "return" is used, but in this
> context, that's fairly ambiguous.

Will do.

(Which reminds me that in the list of considerations for new header
fields in 7231, most apply to request header fields; we may want to
restructure that text in the future.)

> More fundamentally, I see a correlation issue if clients provide
> multiple *Authorization header fields.  The response they receive will
> contain some unaggregated name-value pairs in this header field.
>
>    "Its semantics are defined by the applicable authentication scheme."
>
> I don't know how that can be interpreted in the general sense since
> there isn't a way of identifying the corresponding scheme.
>
> And doesn't it need anti-collision machinery for the parameters?

See Yutaka's answer.

Best regards, Julian
Received on Thursday, 29 January 2015 07:41:44 UTC
