Re: Working Group Last Call: draft-ietf-httpbis-auth-info

From: Julian Reschke <julian.reschke@gmx.de>
Date: Sun, 22 Feb 2015 19:24:39 +0100
Message-ID: <54EA1EE7.70903@gmx.de>
To: Hervé Ruellan <herve.ruellan@crf.canon.fr>, ietf-http-wg@w3.org

On 2015-02-18 13:37, Hervé Ruellan wrote:
> I think the purpose of the headers should be made more consistent across
> the document.

Yes.

> In the Introduction, they are used to "return additional information
> during or after authentication", while in 3, the Authentication-Info
> header is used to "communicate additional information regarding the
> successful authentication".
>
> DIGEST uses it in an optional manner, to convey additional information
> after a successful authentication.
> Scram is using it in a mandatory manner, to finalize the authentication,
> by conveying information for authenticating the server.
>
> I think that Authentication-Info should be used by the server once the
> client is authenticated (i.e. the status code is not 401), to either
> convey additional information or finalize the authentication.
>
> I created a pull request in this direction:
> https://github.com/httpwg/http-extensions/pull/47
>
> Hervé.

Which means that we rule out the use of Auth-Info before the 
authentication is done.

I'm OK with this clarification; what do others think?

Best regards, Julian
Received on Sunday, 22 February 2015 18:25:39 UTC