- From: Nico Williams <nico@cryptonector.com>
- Date: Tue, 31 Mar 2020 17:29:12 -0500
- To: Benjamin Kaduk <kaduk@mit.edu>
- Cc: ietf-http-wg@w3.org, secdispatch@ietf.org
I've submitted a -01 with these changes: - better documented the motivation for the new Accept headers (improved interop without having to modify HTTP implementations, just applications) - removed special values of Accept-Auth - added Accept-Redirect and Accept-Redirect-Auth headers - for the Redirect auth scheme, limit preservation of the Authorization header and add an Authorization-Request header that is always preserved - expanded discussion of redirect-based auth protocols - improved Security and IANA Considerations text - misc changes The new Accept headers and the new auth scheme are now much more separable. This I-D could now be split into two I-Ds. Nico --
Received on Tuesday, 31 March 2020 22:29:31 UTC