- From: Rick van Rein <rick@openfortress.nl>
- Date: Mon, 27 Jan 2020 13:46:23 +0100
- To: Daniel Stenberg <daniel@haxx.se>
- CC: James Fuller <jim@webcomposite.com>, Austin Wright <aaa@bzfx.net>, "HTTPbis WG (IETF)" <ietf-http-wg@w3.org>
Hey Daniel, > it sends the user name without a password in a HTTP > header, which is... well, what you ask for. =) Meh. Just the minor, technical part. It fails to separate the authentication user from the resource user. Actually, the current proposal was woven into HTTP SASL, as a "userview" variable. The whole reason I wrote this new spec is to get it out there, because it provided clutter and obscured the clarity of the authentication concept. > I appreciate your optimism! :) -Rick
Received on Monday, 27 January 2020 12:46:44 UTC