W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2015

Re: Working Group Last Call: draft-ietf-httpbis-auth-info

From: Hervé Ruellan <herve.ruellan@crf.canon.fr>
Date: Wed, 18 Feb 2015 13:37:37 +0100
Message-ID: <54E48791.2010303@crf.canon.fr>
To: <ietf-http-wg@w3.org>
I think the purpose of the headers should be made more consistent across 
the document.
In the Introduction, they are used to "return additional information 
during or after authentication", while in 3, the Authentication-Info 
header is used to "communicate additional information regarding the 
successful authentication".

DIGEST use it in an optional manner, to convey additional information 
after a successful authentication.
Scram is using it in a mandatory manner, to finalize the authentication, 
by conveying information for authenticating the server.

I think that Authentication-Info should be used by the server once the 
client is authenticated (i.e. the status code is not 401), to either 
convey additional information or finalize the authentication.

I created a pull request in this direction:


On 02/10/2015 11:59 PM, Mark Nottingham wrote:
> Everyone,
> Julian believes (with his editor hat on) that this is ready. As discussed, this is a simple document to pull the Authentication-Info and Proxy-Authentication-Info header fields out of 2617, so that they’re not associated with a particular authentication scheme (thereby avoiding lots of scheme-specific headers).
> Therefore, this is the announcement of WGLC for:
>   https://tools.ietf.org/html/draft-ietf-httpbis-auth-info-02
> Please review the document carefully, and comment on this list.
> WGLC will end on 25 February.
> Cheers,
> --
> Mark Nottingham   https://www.mnot.net/
Received on Wednesday, 18 February 2015 12:38:10 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:43 UTC