W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2020

Re: Adding user@ to HTTP[S] URIs

From: Rick van Rein <rick@openfortress.nl>
Date: Mon, 27 Jan 2020 13:46:23 +0100
Message-ID: <5E2EDB9F.6050705@openfortress.nl>
To: Daniel Stenberg <daniel@haxx.se>
CC: James Fuller <jim@webcomposite.com>, Austin Wright <aaa@bzfx.net>, "HTTPbis WG (IETF)" <ietf-http-wg@w3.org>
Hey Daniel,

> it sends the user name without a password in a HTTP
> header, which is... well, what you ask for. =)

Meh.  Just the minor, technical part.  It fails to separate the
authentication user from the resource user.

Actually, the current proposal was woven into HTTP SASL, as a "userview"
variable.  The whole reason I wrote this new spec is to get it out
there, because it provided clutter and obscured the clarity of the
authentication concept.

> I appreciate your optimism!


Received on Monday, 27 January 2020 12:46:44 UTC

This archive was generated by hypermail 2.4.0 : Monday, 27 January 2020 12:46:45 UTC