Re: [Secdispatch] I-D on dealing with the 3xx XOR 401 problem

From: Nico Williams <nico@cryptonector.com>
Date: Tue, 31 Mar 2020 17:29:12 -0500
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: ietf-http-wg@w3.org, secdispatch@ietf.org
Message-ID: <20200331222910.GV18021@localhost>

I've submitted a -01 with these changes:

 - better documented the motivation for the new Accept headers (improved
   interop without having to modify HTTP implementations, just
   applications)

 - removed special values of Accept-Auth

 - added Accept-Redirect and Accept-Redirect-Auth headers

 - for the Redirect auth scheme, limit preservation of the Authorization
   header and add an Authorization-Request header that is always
   preserved

 - expanded discussion of redirect-based auth protocols

 - improved Security and IANA Considerations text

 - misc changes

The new Accept headers and the new auth scheme are now much more
separable.  This I-D could now be split into two I-Ds.

Nico
-- 
Received on Tuesday, 31 March 2020 22:29:31 UTC