Re: Working Group Last Call: draft-ietf-httpbis-auth-info

On 2015-02-18 13:37, Hervé Ruellan wrote:
> I think the purpose of the headers should be made more consistent across
> the document.


> In the Introduction, they are used to "return additional information
> during or after authentication", while in 3, the Authentication-Info
> header is used to "communicate additional information regarding the
> successful authentication".
> DIGEST use it in an optional manner, to convey additional information
> after a successful authentication.
> Scram is using it in a mandatory manner, to finalize the authentication,
> by conveying information for authenticating the server.
> I think that Authentication-Info should be used by the server once the
> client is authenticated (i.e. the status code is not 401), to either
> convey additional information or finalize the authentication.
> I created a pull request in this direction:
> Hervé.

Which means that we rule out the use of Auth-Info before the 
authentication is done.

I'm ok with this clarification, what do others think?

Best regards, Julian

Received on Sunday, 22 February 2015 18:25:39 UTC