I think it's OK and it should be. We already have WWW-Authenticate: for things before completion of authentication. 2015-02-23 3:24 GMT+09:00 Julian Reschke <julian.reschke@gmx.de>: > On 2015-02-18 13:37, Hervé Ruellan wrote: >> >> I think the purpose of the headers should be made more consistent across >> the document. > > > Yes. > >> In the Introduction, they are used to "return additional information >> during or after authentication", while in 3, the Authentication-Info >> header is used to "communicate additional information regarding the >> successful authentication". >> >> DIGEST use it in an optional manner, to convey additional information >> after a successful authentication. >> Scram is using it in a mandatory manner, to finalize the authentication, >> by conveying information for authenticating the server. >> >> I think that Authentication-Info should be used by the server once the >> client is authenticated (i.e. the status code is not 401), to either >> convey additional information or finalize the authentication. >> >> I created a pull request in this direction: >> https://github.com/httpwg/http-extensions/pull/47 >> >> Hervé. > > > Which means that we rule out the use of Auth-Info before the authentication > is done. > > I'm ok with this clarification, what do others think? > > Best regards, Julian >Received on Monday, 23 February 2015 00:36:16 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:43 UTC