- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Sun, 22 Feb 2015 19:24:39 +0100
- To: Hervé Ruellan <herve.ruellan@crf.canon.fr>, ietf-http-wg@w3.org

On 2015-02-18 13:37, Hervé Ruellan wrote:
> I think the purpose of the headers should be made more consistent across
> the document.

Yes.

> In the Introduction, they are used to "return additional information
> during or after authentication", while in 3, the Authentication-Info
> header is used to "communicate additional information regarding the
> successful authentication".
>
> DIGEST uses it in an optional manner, to convey additional information
> after a successful authentication.
> Scram is using it in a mandatory manner, to finalize the authentication,
> by conveying information for authenticating the server.
>
> I think that Authentication-Info should be used by the server once the
> client is authenticated (i.e. the status code is not 401), to either
> convey additional information or finalize the authentication.
>
> I created a pull request in this direction:
> https://github.com/httpwg/http-extensions/pull/47
>
> Hervé.

Which means that we rule out the use of Auth-Info before the authentication is done.

I'm ok with this clarification; what do others think?

Best regards, Julian

Received on Sunday, 22 February 2015 18:25:39 UTC