- From: Hervé Ruellan <herve.ruellan@crf.canon.fr>
- Date: Wed, 18 Feb 2015 13:37:37 +0100
- To: <ietf-http-wg@w3.org>

I think the purpose of the headers should be made more consistent across the document.

In the Introduction, they are used to "return additional information during or after authentication", while in 3, the Authentication-Info header is used to "communicate additional information regarding the successful authentication".

DIGEST uses it in an optional manner, to convey additional information after a successful authentication.

Scram is using it in a mandatory manner, to finalize the authentication, by conveying information for authenticating the server.

I think that Authentication-Info should be used by the server once the client is authenticated (i.e. the status code is not 401), to either convey additional information or finalize the authentication.

I created a pull request in this direction:
https://github.com/httpwg/http-extensions/pull/47

Hervé.

On 02/10/2015 11:59 PM, Mark Nottingham wrote:
> Everyone,
>
> Julian believes (with his editor hat on) that this is ready. As discussed, this is a simple document to pull the Authentication-Info and Proxy-Authentication-Info header fields out of 2617, so that they’re not associated with a particular authentication scheme (thereby avoiding lots of scheme-specific headers).
>
> Therefore, this is the announcement of WGLC for:
> https://tools.ietf.org/html/draft-ietf-httpbis-auth-info-02
>
> Please review the document carefully, and comment on this list.
>
> WGLC will end on 25 February.
>
> Cheers,
>
> --
> Mark Nottingham https://www.mnot.net/

Received on Wednesday, 18 February 2015 12:38:10 UTC