- From: Mark Thomas <markt@apache.org>
- Date: Wed, 31 May 2023 10:39:45 +0100
- To: Julian Reschke <julian.reschke@gmx.de>, Philippe Cloutier <chealer@gmail.com>, "Roy T. Fielding" <fielding@gbiv.com>
- Cc: RFC Errata System <rfc-editor@rfc-editor.org>, Mark Nottingham <mnot@mnot.net>, ietf-http-wg@w3.org
On 30/05/2023 17:42, Julian Reschke wrote: > On 30.05.2023 18:37, Philippe Cloutier wrote: >> Hi Roy, >> >> Le mar. 30 mai 2023 à 12:01, Roy T. Fielding <fielding@gbiv.com >> <mailto:fielding@gbiv.com>> a écrit : >> >> > On May 29, 2023, at 2:47 PM, RFC Errata System >> <rfc-editor@rfc-editor.org <mailto:rfc-editor@rfc-editor.org>> wrote: >> > >> > The following errata report has been submitted for RFC9110, >> > "HTTP Semantics". >> > >> > -------------------------------------- >> > You may review the report below and at: >> > https://www.rfc-editor.org/errata/eid7530 >> <https://www.rfc-editor.org/errata/eid7530> >> > >> > -------------------------------------- >> > Type: Editorial >> > Reported by: Philippe Cloutier <chealer@gmail.com >> <mailto:chealer@gmail.com>> >> > >> > Section: 15.5.2. >> > >> > Original Text >> > ------------- >> > The 401 (Unauthorized) status code indicates that the request >> has not >> > been applied because it lacks valid authentication credentials for >> > the target resource. >> > >> > Corrected Text >> > -------------- >> > The 401 (Unauthorized) status code indicates that the request >> has not >> > been processed because it lacks valid authentication >> credentials for >> > the target resource. >> > >> > Notes >> > ----- >> > "applying a request" is not a standard expression. Usually, >> requests are "treated", "granted" or "processed". >> > >> > This phrasing was imported in Apache Tomcat; thanks to Mark >> Thomas for pointing out it came from this RFC. >> >> REJECT >> >> A method is applied to a resource to have an effect that results in >> a response. >> Any web search on "method applied" will show you that it is quite >> common in >> standard English. >> >> >> You are right that a method can be applied. But the problematic >> statement is about a *request*. It is perfectly valid to "apply a method >> to process a request", for example, but that's not what the sentence >> says. > > The method is part of the HTTP request... > >> >> The request has already been processed, at least partially, >> in order to make a decision that resulted in a 401 error. >> >> >> To clarify, the contents of "Corrected Text" are merely a suggestion. >> Please don't take this as a request to change with the text I wrote, but >> as a request to apply whatever fix is best. There are several other >> options. I suggested "processed" since it's in line with 400, but I do >> not disagree that returning a 401 error is some partial request >> processing. >> >> > The 401 (Unauthorized) status code indicates that the request has not >> been granted because it lacks valid authentication credentials for the >> target resource. >> >> ...would be IMO more exact. "fulfilled" would be another option. > > "granted" would be for authorization (403), but not for authentication > (401). > >> >> [...] >> >> In any case, RFC9110 defines a lot of standard expressions. >> >> >> I am sorry but I fail to understand what you are saying. >> >> >> ....Roy > > Same here. Let's stick to the terminology that we've been using for > years now. When I read that sentence out of context (on its own as a description of what a 401 response means and without the rest of the RFC 9110 text) the use of "applied" did strike me as a little odd. When read in the context of RFC 9110, it is more obvious (to me at least) that the request has not been applied to the target resource. How about a slight re-wording of that sentence to: "The 401 (Unauthorized) status code indicates that the request has not been applied to the target resource because it lacks valid authentication credentials for that resource." It arguably adds a little redundancy to the text but I think the additional clarity justifies that. Mark
Received on Wednesday, 31 May 2023 09:39:56 UTC