- From: Rick van Rein <rick@openfortress.nl>
- Date: Sun, 26 Jan 2020 10:59:38 +0100
- To: Austin Wright <aaa@bzfx.net>
- CC: "HTTPbis WG (IETF)" <ietf-http-wg@w3.org>
Austin Wright wrote: > I think what the http-wg list is saying is, while the feature could be defined and standardized, user-agents cannot be obligated to support it. I know, but this kind of thinking is always hindering HTTP progress or, more in general, the development of any client/server protocol in use. This style of thought is not helpful during innovation, I think. Note that what I am tackling here is based on misinterpretation of RFC3986, so it is a bug that ought to be fixed. Also note that nothing is breaking by adding this facilty, only enforcing its use could. Users who do have a compliant user agent can immediately experience the benefits for their own use, against their own sites. That might be their own IDP, but the support might explode when large providers support it, as in https://godfried.boomans@gmail.com for access to webmail. Thanks, -Rick > Consider: If a user clicks on your link, some user agents will send: > > GET /index.html HTTP/1.1 > Host: example.com > User: john > > And others will send (because they choose not to implement the feature): > > GET /index.html HTTP/1.1 > Host: example.com > > So what functionality is this offering, if servers can’t rely on user agents sending the header? > > There’s an easy solution, just put it in the hier-part: > > http://example.com/~john/index.html > > Or maybe define a standard that allows the _server_ to specify: “URIs of this format <http://example.com/~{user}/> belong to the specified user” > > Austin Wright. > > >> On Jan 25, 2020, at 08:59, Rick van Rein <rick@openfortress.nl> wrote: >> >> Hi Daniel, >> >>> You can't fix this simply by saying that setting the name part of the >>> userinfo in a HTTP URI is OK. HTTP has no established way to send a >>> user name outside of authentication. >> Exactly. That's why I started this thread with an Internet Draft, >> https://datatracker.ietf.org/doc/draft-vanrein-http-unauth-user/ >> >> For http://john@example.com/index.html it sends >> >> GET /index.html HTTP/1.1 >> Host: example.com >> User: john >> >> >> Cheers, >> -Rick >> >
Received on Sunday, 26 January 2020 10:00:11 UTC